How to login as root from Bash and do stuff

bash shell sudo su here-document

93,027

Solution 1

You can pipe the password and send it in the command inside the script.

echo "password" | sudo -S

But it is not a good idea to send the password in the command line. If you need more information on how to login as root from the script, you can look at the answer provided here.

However, if it is for experimental purposes, we can use the expect to enter the password from command line. The script needs be modified like below.

#!/usr/bin/expect -f 
spawn sudo -s <<EOF 
expect "assword for username:" 
send -- "user-password\r" 
expect eof

The last line is needed since we need to press the Enter after inputting the password. As Tian suggested, it is not a good idea to send the root password in the shell script.

Solution 2

Embedding the root password in the script isn't a good idea, from a security point of view, this is probably why su attempts to get it initially from a terminal.

Using sudo is a better route to take, it's more flexible, you can configure it to allow only particular commands, or even certain users to run a program/script with or without using a password (man sudo).

@Ketan's reference is also worth reading.

Solution 3

I GOT ANSWER FROM here

Doing this kind of stuff is not safe or standard practice (in fact many consider it disasterous), it is really not a good idea to put a password in a script. A more standard approach would be simply to expect the whole script to be executed with root privileges, or just to have the script prompt for a password. You can also allow various commands to be run via sudo without a password by particular users by using the NOPASSWD option in /etc/suoders.

However, now that you are aware of the risks, it is possible to use sudo -kS to have sudo read the password from stdin:

sudo -kSs << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF

93,027

MLSC

Updated on September 18, 2022

Comments

MLSC over 1 year

This is my simple bash:

cat test.sh

#!/bin/bash 
echo "hello"
su - root -c /path/to/script.sh <<EOF
password                              
EOF
whoami
echo "good bye"

But I get this error:

./test.sh
hello
su: must be run from a terminal
<current-user>
good bye

(OR)

cat test2.sh
#!/bin/bash 
echo "hello"
sudo su <<EOF
password                              
EOF
whoami
echo "good bye"

Again another error

(OR)

cat test3.sh
#!/bin/bash 
echo "hello"
su root <<EOF
password                              
EOF
whoami
echo "good bye"

again error...

when I try:

#!/bin/bash
echo "hello"
sudo -s <<EOF
<password>
echo Now I am root
id                                                                      
echo "yes!"
EOF
whoami
echo "good bye"

Then the output is:

./script.sh
hello
[sudo] password for <user>:

I also changed my script to:

#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for user:"
send -- "password\r"
expect eof

and output is:

spawn sudo -s <<EOF
[sudo] password for user:
/bin/bash: <<EOF: command not found

Also which sh output is /bin/sh

How can I resolve the error in these three scripts?

Ketan Maheshwari about 10 years

See this: stackoverflow.com/questions/20616022/…
X Tian about 10 years

when it asks you for a password, then give it your own password (not root password). If you run it again, it can cache the password and not ask again (depends on config). and remove <password> line
MLSC about 10 years

no...I don't want use caching...you are right..but for first time I want enter password and do stuff

Ramesh about 10 years

Is the option that I specified working?
MLSC about 10 years

No really, the error is:sudo: root: command not found
Ramesh about 10 years

Take a look at this link. Apparently, you need the -s flag only. stackoverflow.com/questions/11636840/…
MLSC about 10 years

good..question: doesn't need to enter password?
Ramesh about 10 years

Which flavor of Linux distribution you are using? My guess is, if it is debian based, sudo -s should not prompt you to enter the password. Anyways, it is worth trying the script in the link that I provided. If it is asking for password, then you might need to embed the password from command line as I had earlier posted, which is obviously not a good idea.
MLSC about 10 years

ubuntu..and please see UPDATE2
Ramesh about 10 years

let us continue this discussion in chat
MLSC about 10 years

Ok see update2..I am in chat :)
MLSC about 10 years

sorry, how can I put message in chatroot? this is not enable for me!!!!!!I just see your comments
MLSC about 10 years

output of which sh >>> /bin/sh
Graeme about 10 years

Hmm, this answer looks familiar...
MLSC about 10 years

yes..I remove it.. and put it here and in superuser..ok?
MLSC about 10 years

really I put it here for helping others...I didn't want to bother you...please put the anser I'll remove it
Graeme about 10 years

No prob, maybe a link to the original would be good though. SE won't allow duplicate answers on the same question anyway, even if one is deleted.
Graeme about 10 years

If you are going to use the -S option with sudo, is a good idea to use -k too. This makes sure the password is not left on stdin, eg if the user has already recently entered in the parent shell.
Ramesh about 10 years

yeah, but if we use expect do we need -k set?
Graeme about 10 years

Don't think so, AFAIK expect won't send anything if there is no password prompt
Ramesh about 10 years

yeah, after expect I am using send to input the password in my script.
Graeme about 10 years

Daresay this is a good answer, might as well upvote it :)
MLSC about 10 years

pretty good..I am thankful really...you can do it in superuser if you want :D
Graeme about 10 years

No, you go ahead. I don't really go on there anyway. I updated the original answer though.