0

I am trying to create a bash script that starts with the user executing a sudo -s command.

This is my script:

#!/bin/bash
SSH_USER=testuser
SUDO_PASSWD=secretpassword
FILE=/www/a/logs/service.log

MACHINES=( 'machine1' );
for HOST in ${MACHINES[@]}; do
    ssh -t -l "$SSH_USER" "$HOST" "echo '$SUDO_PASSWD' | sudo -Ss chmod 777 $FILE"
done

I feel like this script should not prompt me for the password but it does. I do not want to have to input the password 30 different times. I have tried multiple versions where I hard code the password into the script but I still get prompted to enter in a password. HELP ME PLEASE. I'm VERY new at creating bash scripts and need some serious guidance.

10
  • I've tried to fix the formatting of your code, which was broken. Please check that I didn't change the content inadvertently. Commented Jan 18, 2014 at 23:11
  • 1
    Most importantly: don't hardcode your root password! That's exactly the kind of thing that you shouldn't do if you're the least bit concerned about security. Commented Jan 18, 2014 at 23:30
  • I know, hard coding my password is the ultimate no-no but I need to do it this one time. This script isn't a cronjob; it will be run one time and that is it. Once the script runs I will delete its contents. Commented Jan 18, 2014 at 23:38
  • I am now seeing the error "[sudo] password for testuser: Connection to <server> closed" Commented Jan 18, 2014 at 23:41
  • But did the chmod happen? Not sure that's actually an error. Commented Jan 18, 2014 at 23:48

2 Answers 2

3

The idea you have there will never work as sudo(1) does not read passwords from standard input unless it's a terminal. Hardcoding passwords into a script is also a very bad idea, as pointed out repeatedly in comments.

If you really want to make this happen (I recommend against it), you should edit /etc/sudoers on your target machine to let you run sudo(1) without it asking for a password for the things you need done without a password. For that you should not let yourself run any chmod command lines without a password, but instead create a script on the target machine (for example `/usr/local/bin/do-my-promiscuous-chmod`), then tell sudo to let you run just that script without asking for a password.

For example adding the following to /etc/sudoers will let user "foo" run /usr/local/sbin/do-unsafe without a password and with root privileges:

foo ALL = (root) NOPASSWD: /usr/local/sbin/do-unsafe

4 Comments

The following command works for me and I enter one password - ssh -l graeme localhost "echo mypassword | sudo -Ss chmod 777 test". Sudo will read a password from stdin if you give it the -S option, as in the question.
True. I should have my glasses on.
Thanks for everyone's help. I've decided to get a key to make this process easier.
Does the script file /usr/local/sbin/do-unsafe need execute privilege? If so, it is worth mentioning.
0

Agree with Sami, no hardcoding passwords in scripts.

More suggestions:

If the script needn't run as root and can be run by some other application admin account, such as DBA, you should nominate that user only, to limit the permissions, such as:

foo ALL = (dba) NOPASSWD: /usr/local/sbin/do-unsafe

Secondly, don't give any files 777 permissions; it is unsafe. Think of some other way, such as an ACL permission set.

chmod 777 $FILE
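
The sudoers rules in both answers only limit privilege if the rule stays narrow and the wrapper script cannot be edited by the user who is allowed to run it. A lint for both conditions, as an added example that is not part of the original answers (the function names `check_rule` and `check_wrapper` and the tool denylist are assumptions; GNU `stat` is required):

```bash
#!/bin/bash
# Added example, not code from the thread. Lints a NOPASSWD sudoers rule and
# the wrapper script it names. The tool denylist is illustrative, not complete.
# Assumes GNU stat (Linux). Function bodies use ( ) so IFS and set -f do not leak.

# Text check: every command after NOPASSWD: must be an absolute path to a
# dedicated script, never ALL, a wildcard, or a general-purpose tool.
check_rule() (
    case $1 in *NOPASSWD:*) ;; *) echo "FAIL: no NOPASSWD tag"; return 1 ;; esac
    ws=$(printf ' \t'); set -f; IFS=','
    for spec in ${1#*NOPASSWD:}; do
        IFS=$ws; set -- $spec; cmd=$1          # first word is the command path
        case $cmd in
            ALL)            echo "FAIL: NOPASSWD on ALL"; return 1 ;;
            *\**|*\?*|*\[*) echo "FAIL: wildcard in $cmd"; return 1 ;;
            /*)             ;;
            *)              echo "FAIL: not an absolute path: $cmd"; return 1 ;;
        esac
        case ${cmd##*/} in
            chmod|chown|sh|bash|cp|mv|tee|vi|vim)
                echo "FAIL: general-purpose tool $cmd"; return 1 ;;
        esac
    done
    echo OK
)

# File check: sudo runs the wrapper with the target user's privileges, so it
# must be root-owned, executable, and not writable by group or others.
check_wrapper() (
    [ -f "$1" ] || { echo "FAIL: $1 missing"; return 1; }
    mode=$(stat -Lc %a "$1"); uid=$(stat -Lc %u "$1")
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL: mode $mode is group/world-writable"; return 1; }
    [ $(( 0$mode & 0111 )) -ne 0 ] || { echo "FAIL: mode $mode has no execute bit"; return 1; }
    [ "$uid" -eq 0 ] || { echo "FAIL: owner uid $uid is not root"; return 1; }
    echo OK
)

# Constructed sample rules: the first has the form used in the answers.
for r in 'foo ALL = (root) NOPASSWD: /usr/local/sbin/do-unsafe' \
         'foo ALL = (root) NOPASSWD: /bin/chmod' \
         'foo ALL = (root) NOPASSWD: ALL'; do
    printf '%s -> %s\n' "$r" "$(check_rule "$r" || true)"
done
```

Run `check_wrapper /usr/local/sbin/do-unsafe` on the target machine after installing the script, and validate the sudoers file itself with `visudo -c`.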
