From manpage of sudo:
-S, –stdin
Write the prompt to the standard error and read the password from the
standard input instead of using the terminal device. The password must
be followed by a newline character.
What is the purpose of using sudo -S
instead of just sudo
?
-
Is it correct that
sudo
by default read password from standard input? -
What is the purpose of "Write the prompt to the standard error"? Does
sudo
by default write it to the standard output? -
Do they both require that the password must be followed by a newline character?
For example, in https://stackoverflow.com/a/39553081/156458, sudo -S true
still requires typing in password, so how does it solve the original question in that post? I found that link when I searched for solution to Shall I run a sudo-required script in some shell configuration file?
Thanks.
Update:
The reply by J.Taylor said
sudo
does not read the password from stdin by default – it reads it from the terminal interface.
I was wondering how to understand it in terms of implementation.
Is it correct that when a program reads from standard input, it reads from file descriptor 0 to which the standard input is always binded?
Why can't I tell whether sudo
uses standard input or terminal when usingsudo
without -S
?
How can a program (such as sudo -S
) achieve to read from terminal instead of standard input?
Best Answer
sudo
does not read the password from stdin by default - it reads it from the terminal interface. Usingsudo -S
allows you to pipe the password in from another command/file like this:printf "yourpassword\n" | sudo -S nano /etc/apt/sources.list
This could be used in a shell script to log in to sudo without being prompted for a password, but you need to be careful not to execute this kind of thing from the shell directly, because then your sudo password would be in the shell history.