Exit sudo in the middle of a shell script
Solution 1
Have you considered modifying the script to prefix sudo to the commands needing to be run as root? sudo's inbuilt credential caching mechanism will mean you should only need to answer a password prompt once, unless the shell script runs for a very long time.
Solution 2
Don't use sudo su or su - <user>, because you open a subshell with this command. This won't work very well.
Please use
sudo "su commands"
for example sudo "ls /home"
If you really want to use sudo su, you can use it by typing, for example,
sudo su -c "ls /tmp"
If you have more than one command, separate them with ;
sudo su -c "ls /tmp/; whoami"
TomJ
Updated on September 18, 2022
Comments
-
TomJ over 1 year
I have a shell script in which most of the commands need to be run under sudo; however, the last few commands need to be run as the current user. Is there a way I can exit sudo and switch to the currently logged in user?
If I was running it all from the command line, I could do something like:
sudo su
[su commands]
exit
[user commands]
However, exit will stop the script at that command.
-
Aaron Miller over 10 years
Have you considered modifying the script to prefix sudo to the commands needing to be run as root? sudo's inbuilt credential caching mechanism will mean you should only need to answer a password prompt once, unless the shell script runs for a very long time.
-
Aaron Miller over 10 years
Failing that, you might try adding su $USER after the root commands, and before those to be run as the current user; I'm pretty sure every bash that hasn't been twisted into complete perversity sets $USER, so that should be able to serve as a generic method of producing a shell with the logged-in user's permissions.
-
Tim over 10 years
Are you sure everything happens as you write it? sudo su should open a root shell for you and the script should not advance until you leave it. Then [su commands] will be executed (with your user account) and finally exit ends the script. Consider adding whoami at several positions to the script to see who is the active user at different points in the script.
-
Aaron Miller over 10 years
Failing that, what if you just su - instead of sudo su? That should prompt for the root password and then produce an elevated shell, but I'm uncertain how the following exit will behave in a shell script context -- this is why it's often preferable to use Perl or Python for these sorts of tasks; they may seem to present a higher bar to entry, but their much more predictable and less warty behavior more than repays the effort of gaining familiarity.
-
Tim over 10 years
@AaronMiller (2nd post) I would not do that. If everything is working as written by TomJ this would mean that after leaving this inner user shell the user (or script) would be given root privileges again.
-
Aaron Miller over 10 years
@Tim Fair; I assumed from the structure of the asker's example that the user commands were followed by an implicit exit at EOF, but (assuming the user-level commands actually do come last) perhaps an explicit exit would be the safest option. (As long as su, sudo, &c. are invoked within the script, and it avoids invoking anything which can be hijacked to accept and execute arbitrary commands, I don't see a way for the invoker to get root privilege and misbehave with it. On the other hand, if security is a concern, I'd recommend using some language more predictable than shell.)
-
TomJ over 10 years
The script initially needed to be run as sudo. So you would do sudo script.sh. I wanted to keep that syntax but drop the sudo for the last part, hence my attempt to use exit. However, I didn't realize that it would only prompt me once for sudo's password. So I'll just prefix the commands that need to run as sudo as such to solve the problem.
-
Aaron Miller over 10 years
@TomJ Fair enough; comment converted to answer.
-
-
Juliane Holzt over 10 years
Or one can put the sequence of commands to be executed through sudo into a shell script and just do sudo script.
-
Błażej Michalik almost 6 years
The "caching" mechanism you're describing may not necessarily be enabled on a given machine. I have it disabled.
-
xeruf about 3 years
There's two issues with that: 1) Caching may expire within the script or be disabled altogether 2) Canceling the script becomes tough, because you often can't cancel a sudo prompt with Ctrl-C
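An added example, not part of the original thread or any poster's code: a sketch of the per-command sudo approach from Solution 1 that also covers the sudo script.sh invocation from the question, where sudo records the caller in SUDO_USER. The helper names (invoker, as_root, as_user), the --run switch and the id -un placeholder steps are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: root steps first, invoking user's steps last, in one script.
# Works when started as ./script.sh or as: sudo ./script.sh

# Print the account the unprivileged steps should run as.
# $1 = effective uid, $2 = SUDO_USER (may be empty), $3 = current user name
invoker() {
    if [ "$1" -eq 0 ] && [ -n "$2" ] && [ "$2" != root ]; then
        printf '%s\n' "$2"   # started through sudo: it records the caller here
    else
        printf '%s\n' "$3"   # started directly: stay as the current user
    fi
}

UID_NOW=$(id -u)
ME=$(id -un)
TARGET=$(invoker "$UID_NOW" "${SUDO_USER:-}" "$ME")

# Run one command as root: directly if already root, through sudo otherwise.
as_root() {
    if [ "$UID_NOW" -eq 0 ]; then "$@"; else sudo -- "$@"; fi
}

# Run one command as the invoking user, giving up root if the script has it.
as_user() {
    if [ "$UID_NOW" -eq 0 ] && [ "$TARGET" != "$ME" ]; then
        sudo -u "$TARGET" -- "$@"
    else
        "$@"
    fi
}

main() {
    # Not root yet: authenticate once up front so a failure stops the script
    # before any step has run. With caching disabled, each as_root call
    # prompts again; starting the script with sudo avoids that.
    if [ "$UID_NOW" -ne 0 ]; then
        sudo -v || { echo "sudo authentication failed" >&2; return 1; }
    fi
    as_root id -un    # placeholder for the root-only commands
    as_user id -un    # placeholder for the commands run as the invoking user
}

# "--run" is this example's own switch, so that loading the file runs nothing.
if [ "${1:-}" = "--run" ]; then main; fi
```

Each helper runs a single command and returns, so no subshell stays open and no exit is needed to leave root.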