Bash Scripting: Require script to be run as root (or with sudo)
Solution 1
To pull the effective uid use this command:
id -u
If the result is ‘0’ then the script is either running as root, or using sudo. You can run the check by doing something like:
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
Solution 2
I assume you know that by changing the ownership to root
chown root:root file
and setting the permissions to 700
chmod 700 file
you will accomplish the same thing - without the suggestion to run as sudo.
But I will post this answer for completeness.
Solution 3
The bash variable $EUID
shows the effective UID the script is running at, if you want to make sure the script runs as root, check wether $EUID
contains the value 0 or not:
if [[ $EUID -ne 0 ]]; then
echo "$0 is not running as root. Try using sudo."
exit 2
fi
This is better than the solution with /usr/bin/id
(for bash scripts!) because it doesn't require an external command.
Solution 4
You can use whoami command as well.
if [ ! "`whoami`" = "root" ]
then
echo "\nPlease run script as root."
exit 1
fi
Solution 5
What is your objective here, to inform the user that they should run the script as root or as some kind of security precaution?
If you just want to inform the user than any of the uid suggestions are fine, but they're as useful as tyres on a horse as a security precaution - there's nothing to stop a user from copying the script, taking out the if statement, and running it anyway.
If this is a security issue then the script should be set to 700, owned by root:root, so that it is not readable or executable by any other user.
Jeremy Noonan
Updated on September 17, 2022Comments
-
Jeremy Noonan almost 2 years
I'm trying to write a bash script (in Ubuntu) that will backup a directory using tar.
How can I do a check in the script so that it can only be run as root (or with sudo)?
For instance, if a user runs the script, it should say that this script must be run with sudo privileges, and then quit. If the script is executed as root, it will continue past the check.
I know there has to be an easy solution, I just haven't been able to find it by googling.
-
flickerfly over 3 yearsRecently, I've seen things like systemd elevate privileges automatically with user password entered. I'd be interested in an answer that can not only alert the user they don't have the needed permissions, but offer to elevate it for them instead of forcing a restart.
-
-
ktower almost 15 yearsI'd recommend fully-qualifying the path to id (e.g., /usr/bin/id). Otherwise a devious user could write their own script/binary that always returns 0 and then put it in a location that exists earlier in the executing users' path.
-
Scott Pack almost 15 yearsAgreed. Fixing with an edit.
-
AWesley almost 15 yearsAnyone 'devious' trying to run the script won't be stopped by you using the full path to id.
-
Chris almost 15 yearsI agree with theother... it's a bash script. Qualifying the 'id' bin won't stop anyone who is seriously intent on getting around the check anyway. Better to leave it unqualified for portability.
-
Chris almost 15 yearsThis is a more appopriate solution than the accepted answer. - My $0.02
-
lakshmi over 12 yearsOr, it could be the script requires access to files or commands only accessible to root in order to carry out its work, as in my case
-
GregB about 12 yearsThis doesn't address the "sudo" requirement.
-
0xSheepdog almost 8 yearsActually the uid 0 is the special user account with full privilege. "root" is simply the most common label/name mapped to that UID. It doesn't have to be 'root' and an attacker may try to exploit this.
-
Chaim Eliyah over 7 yearsSide note: checking the script into git becomes harder. To fix,
sudo git add <file>
-
neuhaus over 4 yearsGood idea. However the question asked for a script that quit, not ran sudo by itself.