Run script as root at login (no sudoer user, shell session)
Solution 1
Just to go back to the sudoers method, I think you were almost there before you gave up. Looking at your latest comments, I'd just like to address something that will probably fix things for you:
If you run a script as root, you don't need to call sudo from within it.
I have a script like this:
#! /bin/bash
echo $USER
whoami
If I run sudo ./myscript I see root returned for both those. The session that script is running in is a root shell.
In short that means that everything you do in your script already has root permissions. You don't need to call sudo (not that it should hurt - root usually has sudo permissions).
So write your script, chown it to root and chmod it to 700 (so only root can run, read, or edit it) and then just allow your user[s] to run it through sudoers. That should work.
If it's not working, it's likely a bigger issue with the script, not the permissions framework. I'd suggest giving a user full sudo access (adding to admin group is the easiest way) and then running your script.
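The setup described in this answer (root-owned script, mode 700, run through sudoers), as an added example that is not part of the original answer: it checks the script's ownership and mode and prints the matching sudoers rule. The user name, the helper path and the choice to forbid arguments are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example. Helper path and user name are hypothetical.
# Requires GNU stat (as shipped on Ubuntu).

# helper_is_locked_down PATH [UID]
# Succeeds only if PATH is a regular file (not a symlink) owned by UID
# (default 0, i.e. root) with mode 700, and the directory holding it is not
# writable by group or other. A writable directory would let a user replace
# the script that sudoers names, whatever the script's own mode is.
helper_is_locked_down() {
    path=$1
    want_uid=${2:-0}
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a regular file" >&2; return 1
    fi
    owner=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")
    dir_mode=$(stat -c '%a' "$(dirname "$path")")
    if [ "$owner" != "$want_uid" ]; then
        echo "$path: owner uid $owner, expected $want_uid" >&2; return 1
    fi
    if [ "$mode" != "700" ]; then
        echo "$path: mode $mode, expected 700" >&2; return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = group/other write.
    if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
        echo "$path: parent directory mode $dir_mode is group/other writable" >&2
        return 1
    fi
    return 0
}

# sudoers_rule USER PATH
# Prints a rule that lets USER run exactly PATH as root. The trailing ""
# forbids any command-line arguments.
sudoers_rule() {
    printf '%s ALL=(root) %s ""\n' "$1" "$2"
}

# Usage: sh audit.sh USER /path/to/helper
# Write the printed rule to a file and check it with `visudo -cf FILE`
# before installing it under /etc/sudoers.d/.
if [ "$#" -eq 2 ]; then
    helper_is_locked_down "$2" && sudoers_rule "$1" "$2"
fi
```

The rule as printed still asks the user for their password; whether to add the NOPASSWD: tag for an unattended run at login is a separate decision.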
Solution 2
Step 1. create a script with the bind command using any editor. For example:
sudo emacs bind_user_directories.sh
contents:
#!/bin/bash
#NOTE: this file would be placed in /usr/local/sbin/ folder as bind_user_directories.sh
#alternatively it could be placed in /etc/init.d/ ... (I guess)
### BEGIN INIT INFO
# Provides: bind_user_directories
# Required-Start:
# Required-Stop:
# Should-Start: $named
# Default-Start: 0 2 3 4 5 6 (I guess...)
# Default-Stop: 1
# Short-Description: mount --bind for a user
# Description: runs mount --bind command for certain pre-defined directories for a specific user
### END INIT INFO
# log_progress_msg and log_success_msg are defined by the LSB init functions
. /lib/lsb/init-functions
# What is this?
DESC="bind_user_directories"
# See how we were called.
case "$1" in
    start)
        log_progress_msg "bind directories for user..."
        sudo mount --bind /source/path /target/path
        log_progress_msg "done: bind directories for user"
        ;;
    stop)
        log_progress_msg "umount --bind directories for user..."
        sudo umount /target/path
        log_progress_msg "done: unbind directories for user"
        ;;
    restart)
        "$0" stop
        sleep 1
        "$0" start
        ;;
    *)
        #log_success_msg "Usage: bind_user_directories {start|stop|restart}"
        log_success_msg "Usage: service bind_user_directories <start|stop|restart>"
        exit 1
        ;;
esac
exit 0
Step 2. save bind_user_directories.sh and make it executable:
chmod a+x bind_user_directories.sh
Step 3. link it to a suitable location such as /usr/local/sbin:
sudo ln -s "$(pwd)/bind_user_directories.sh" /usr/local/sbin/bind_user_directories.sh
Step 4. create the upstart script:
sudo emacs /etc/init/bind_user_directories.conf
contents:
description "runs mount --bind command for certain pre-defined directories for a specific user"
start on filesystem and net-device-up IFACE!=lo
stop on runlevel [!023456]
console output
respawn
respawn limit 10 5
exec /usr/local/sbin/bind_user_directories.sh start
If this works for you, please let me know. You can check the system log for messages after logging in. (I didn't test it yet and I have never implemented anything like this before.) If you improve on the solution, please share your final solution here. Thanks.
Antonio Sánchez
Updated on September 18, 2022
Comments
- Antonio Sánchez over 1 year: Much like /etc/profile and ~/.profile but run by root instead of the user who is doing login. /etc/rc.local runs after boot but I need to run the script before login. The user is not a sudoer one. Thanks!
- Eliah Kagan over 12 years: There may be a way to do this, but it wouldn't be like /etc/profile or ~/.profile because running code in those scripts is done by the user's shell and is subject to control of the user, whereas if you don't want the user to have the power to run programs as root themselves, then this will have to be done by some running service external to the user's processes. ...It might help if you could tell us the purpose of the script you want to run.
- Antonio Sánchez over 12 years: I need to perform one specific (--bind) mount for one specific user. I have tried fstab with owner and user options, but it does not work. /etc/rc.local is one option but it always performs the mount whether the user logs in or not. I have currently granted sudoer privileges for 'mount' to the user, but this is a workaround and I don't like granting any privileges to standard users. I think I will use rc.local instead. Thanks!
- enzotib over 12 years: You could create a root script with only that particular mount command, and give to the user the privilege to run only that script (configuring /etc/sudoers). A command with given options can be set directly in sudoers.
- Antonio Sánchez over 12 years: I have already tried that way. The thing is that when the time comes for running 'mount' inside the script, again 'sudo' is mandatory, because the script is run by 'user' and not by 'root', so at the end of the day 'mount' must be granted too for 'user' and instead of just one only sudoers rule now I have two. This is my experience, so please, bear in mind that I'm not an expert and maybe I have done something wrong. Thanks!
- Eliah Kagan over 12 years: But what Antonio Sánchez is looking for is how to make a script run as root at the time a particular user logs in.
- Antonio Sánchez over 12 years: The script must run independently of whether the session is graphic or standard shell. I have updated the title to remark this. I have read something about Upstart, but it looks complicated for the (apparently) simple task it is. Anyway and up to now Upstart seems to be the only way to do it. If you know Upstart, would it be difficult to learn enough as to get this job done? Thanks!
- Adam Ryczkowski about 10 years: Yes, it works! It is a great alternative to the mdm's /etc/mdm/PostLogin/ scripts in Ubuntu's world!!
- Adam Ryczkowski over 7 years: Do you have any similar solution in systemd?... Cf. askubuntu.com/questions/847930/…