I have a small bash script:
#!/bin/bash
touch dummy.txt
If I execute this script with sudo then it will create dummy.txt which will be root protected.
What I want to do is:
Regardless of whether this script is executed using sudo or a normal user, the file dummy.txt should not be root protected.
You could test if the script is being run via sudo using the EUID and SUDO_USER variables, and then execute touch as SUDO_USER if true - something like
#!/bin/bash
if [[ $EUID -eq 0 ]] && [[ -n $SUDO_USER ]]; then
sudo -u "$SUDO_USER" touch dummy.txt
else
touch dummy.txt
fi
== used for string comparison. Since $EUID is supposed to return integer value, I'd recommend you use -ed comparison. Spaces are allowed in usernames , so probably quote the $SUDO_USER variable. Otherwise, good answer - this is something I personally would use.
– Sergiy Kolodyazhnyy
Nov 18 '16 at 08:09
sudo -u if it detects that it's running as root. The OP talked about having multiple commands in one script. But be careful to avoid an infinite loop on errors.
– Peter Cordes
Nov 18 '16 at 09:34
[[...]] so not strictly necessary to quote the variable within the if statement @Serg and I gues -ed was a typo for -eq
– Arronical
Nov 18 '16 at 09:39
-eq. Didn't know [[ doesn't have word splitting. Thanks. Personally, I'd still quote for the sake of good scripting habits
– Sergiy Kolodyazhnyy
Nov 18 '16 at 10:06
== catch, don't know why I didn't spot that (it was late here...)
– steeldriver
Nov 18 '16 at 12:57
(( EUID == 0 )) && [[ -n $SUDO_USER ]]. Note the optional omitting of the dollar sign and the use of == instead of the, IMO ugly, -eq.
– Dennis Williamson
Nov 18 '16 at 22:46
sudo su - doesn't leave SUDO_USER in the environment, so this would leave a root-protected file in that case.
– muru
Dec 08 '16 at 06:06
If your script is not meant to be run as root, the safest way to solve the problem is to abort the execution of the script at the very beginning:
if [ "$EUID" = 0 ]; then
echo "This script must NOT be run as root"
exit 1
fi
Optionally, you can re-execute your script as a fallback user (e.g. sudo -u FALLBACK_USER "$0") instead of simply aborting.
Trying to fix the quirks of individual commands will make your script unnecessarily complex and hard to debug. Every time you modify it, you'll have to do all the testing twice (as a regular user, then as root), and fix all the root-related bugs that arise. It's not a future-proof solution, so to say.
By default files created with root accound have permissions like so:
-rw-r--r-- 1 root root 0 11月 17 23:25 rootfile.txt
Here file belongs to root user and root group, and is readable and writable by root, but only readable by others.
Simplest approach would be just to chown the file back to the original user.
chown username:group_name dummy.txt
You can use $SUDO_USER variable that is accessible only when sudo is called, like so:
chown "$SUDO_USER":"$SUDO_USER" dummy.txt
If you're running script as regular user, the chown part is not needed at all, so you might want to consider using if-statement or && test to test for the case when script is run as root, and do something along these lines:
#!/bin/bash
touch dummy.txt
[ $UID -eq 0 ] && chown "$SUDO_USER":"$SUDO_USER" dummy.txt
The above is recommended approach. There are others, like using chmod to change read-write-execute permissions for users and group, but it's not recommended.
sudo , then no - you can't ignore it. Your option is either run script as regular user ( which I don't understand why you dont do , since you're simply creating a file for your user here ) or change file ownership like i show in my answer.
– Sergiy Kolodyazhnyy
Nov 18 '16 at 07:05
chownandchmodin your script to set ownership and permissions as desired. – fkraiem Nov 18 '16 at 09:33