Proper way to let user enter password for a bash script using only the GUI (with the terminal hidden)


The -A sudo option allows you to specify a helper program (in the SUDO_ASKPASS variable) that will ask for the password.

Create a script to ask for the password (myaskpass.sh):

#!/bin/bash
zenity --password --title=Authentication

Then insert this line at the beginning of your script:

export SUDO_ASKPASS="/path/to/myaskpass.sh"

and replace all occurrences of sudo <command> with:

sudo -A <command>

You can use whatever password asking program you want instead of zenity. I had to encapsulate it within a script because SUDO_ASKPASS must point to a file, so it won't work with the --password option required by zenity.

The above works like a charm if it runs from the command line or if you choose Run in terminal after double-clicking the script file in the file manager, but if you choose Run or try to launch it from a .desktop file, every sudo will ask for the password again.


If you don't want a terminal window at all, you can store the password in a variable and pipe it to sudo -S. Maybe there are some security concerns, but I think it's pretty safe (read the comments on this answer).

Insert this line at the beginning of your script:

PASSWD="$(zenity --password --title=Authentication)"

and replace all occurrences of sudo <command> with:

printf '%s\n' "$PASSWD" | sudo -S <command>

Author: MountainX


Updated on September 18, 2022
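An added example, not part of the original answer: the SUDO_ASKPASS method from the answer above, with the helper generated at run time in a private directory and its ownership and mode checked before sudo is pointed at it, because sudo executes that file to collect the password. The function names and the ASKPASS_DIR variable are hypothetical, and GNU stat is assumed.

```shell
#!/bin/bash
# Added example: build the askpass helper privately, verify it, then use sudo -A.
# check_askpass, setup_askpass, cleanup_askpass and run_priv are hypothetical names.

# Accept the helper only if it is a regular file (not a symlink), owned by us,
# owner-executable, and not writable by group or others. Anyone who can edit
# this file can capture the password typed into the dialog.
check_askpass() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    askpass_mode=$(stat -c '%a' "$1") || return 1   # GNU stat prints e.g. 700
    case $askpass_mode in
        [57][0145][0145]) return 0 ;;   # owner r-x or rwx, no group/other write
        *) return 1 ;;
    esac
}

# Write the zenity wrapper into a fresh directory and export SUDO_ASKPASS.
setup_askpass() {
    ASKPASS_DIR=$(mktemp -d) || return 1            # mktemp -d creates mode 0700
    askpass_file=$ASKPASS_DIR/myaskpass.sh
    ( umask 077
      printf '%s\n' '#!/bin/bash' \
          'exec zenity --password --title=Authentication' > "$askpass_file"
    ) || return 1
    chmod 700 "$askpass_file" || return 1
    check_askpass "$askpass_file" || return 1
    export SUDO_ASKPASS=$askpass_file
}

# Remove the helper and forget its location once the script is done.
cleanup_askpass() {
    [ -n "${ASKPASS_DIR:-}" ] && rm -rf -- "$ASKPASS_DIR"
    unset SUDO_ASKPASS ASKPASS_DIR
}

# Only commands passed to this wrapper run as root; the rest of the script
# keeps running as the normal user.
run_priv() { sudo -A -- "$@"; }

# Typical use in the script body (commented out so sourcing has no side effects):
#   setup_askpass || exit 1
#   trap cleanup_askpass EXIT
#   run_priv <command>
```

The same check_askpass test can be applied to a helper installed at a fixed path before exporting SUDO_ASKPASS.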

Comments

  • MountainX
    MountainX over 1 year

    I have made a bash script that uses kdialog exclusively for interacting with the user. It is launched from a ".desktop" file so the user never sees the terminal. It looks 100% like a GUI app (even though it is just a bash script). It runs in KDE only (Kubuntu 12.04).

    My only problem is handling password input securely and conveniently. I can't find a satisfactory solution.

    The script was designed to be run as a normal user and to prompt for the password when a sudo command is first needed. In this way, most commands, those not requiring sudo rights, are run as the normal user. What happens (when the script is run from the terminal) is that the user is prompted for their password once and the default sudo timeout allows the script to finish, including any additional sudo commands, without prompting the user again. This is how I want it to work when run behind the GUI too.

    The main problem is that using kdesudo to launch my script, which is the standard GUI way, means that the entire script is executed by the root user. So file ownerships get assigned to the root user, I can't rely upon ~/ in paths, and many other things are less than ideal. Running the entire script as the root user is just a very unsatisfactory solution and I think it is a bad practice.

    I appreciate any ideas for letting a user enter the sudo password just once via GUI while not running the whole script as root. Thanks.

  • MountainX
    MountainX almost 11 years
    Thank you. That's very interesting. However, when using this, the usual sudo timeout (e.g., 15 minutes) is lost. My script, which has over 50 sudo commands, now prompts for the user's password 50+ times! I googled around a bit and I didn't see a solution. Do you know one?
  • Eric Carvalho
    Eric Carvalho almost 11 years
    Running this script from command line, the password is asked only once. Running from GUI (clicking .desktop or .sh in file manager) every sudo -A reasks the password. I'll try to figure this out.
  • Eric Carvalho
    Eric Carvalho almost 11 years
    I just updated my answer.
  • MountainX
    MountainX almost 11 years
    Thanks for the update. The alternative you suggest is something I had ruled out due to security concerns, but from reading the comments at the link you provided, I think it is probably secure enough. And it is an easy way to solve the issue. Thank you.
  • WinEunuuchs2Unix
    WinEunuuchs2Unix over 7 years
    Testing on my system it has to be sudo -s (lower-case s) and not sudo -S (upper-case s).
  • anthony
    anthony about 7 years
    Eric... did you figure out a solution to the problem?