2

I have a script that checks if Java version 8 is installed on my system. If not, the script installs it. Also once it makes sure that correct java version is installed it checks if $JAVA_HOME variable is set properly.

I am doing this by adding JAVA_HOME path to my /etc/environment file. Everything till here works.

In the next step however, when I try to reload the /etc/environment file using source command, it does not load the new file.

I believe this is due to user running the script. I am running the script as root user. However I need to run source /etc/environment as non-root user and the have rest of the commands run as root.

I have tried sudo with the -u and su with -u -c commands, however this has not worked for me. Any pointers to how this could be done would be great help. Thanks

Subhasis Bose
  • 131
  • 1
    "I believe this is due to user running the script" that sounds unlikely - can you [edit] your question to show the commands you are using, and explain how you arrived at that conclusion? – steeldriver Apr 10 '19 at 12:58
  • 2
    I feel that the approach to run an entire script as root except for one specific command that should be run as another user is inherently flawed. I would do it the other way around: run the script as user, and prefix all the commands inside the script that should run with root privileges with sudo. This way you're sure not to execute any command as root "by mistake". Note that the script will still ask for your password only once, since, after the first sudo command, sudo remembers your password for 15 minutes (by default). – Malte Skoruppa Apr 10 '19 at 13:12
  • You can use sudo to gain rights for the user. And running from root, you shouldn't need to enter password. – Soren A Apr 10 '19 at 13:18
  • @MalteSkoruppa Thanks for your response, I tried your approach and it worked for me. I now have all the the commands that needed root privileges prefixed with sudo, and it worked like a charm. I do not know why I did not think of doing this. If you make your comment an answer, I would be happy to accept it as solution. Thanks again. – Subhasis Bose Apr 11 '19 at 04:59
  • @SubhasisBose Happy to help, I posted my comment as an answer. This way it'll hopefully help more people in the future. :) – Malte Skoruppa Apr 11 '19 at 08:18

1 Answers1

1

I feel that the approach to run an entire script as root except for one specific command that should be run as another user is inherently flawed. I would suggest to do it the other way around: run the script as user, and prefix all the commands inside the script that should run with root privileges with sudo.

This way, you're sure not to accidentally execute any command as root which you could have run as a normal user instead.

Note that the script will still ask for your password only once, since, after the first sudo command, sudo remembers your password for 15 minutes (by default). That is, unless your script runs for more than 15 minutes. Even then, it's possible to increase sudo's default timeout, but that's perhaps beyond the scope of this question.

Of course, it all depends on your situation. There may be situations where doing it the other way around is better: You can also run the script as root and drop root privileges by prefixing the command that should run with the privileges of username with sudo -u username. Also see the comments under this answer for a short discussion of the pros and cons. (Note that said answer itself suggests that it is usually better to run the entire script as root and dropping privileges where needed, instead of running the entire script as user and acquiring root privileges where necessary. I beg to differ. It certainly all depends on your situation. From a security standpoint, the latter approach is safer. But if that is not a concern, the former approach has some slight advantages from a technical standpoint. See the discussion under the linked answer.)

Malte Skoruppa
  • 13,196
  • 5
  • 57
  • 65