不再是根被使用sudo运行的脚本中间 [英] Stop being root in the middle of a script that was run with sudo

问题描述

有是命令的列表，只有当它们与须藤 pfaced $ P $成功。结果
还有另一个命令列表，只有当用户运行他们没有须藤成功。

There is a list of commands that only succeed when they are prefaced with sudo.
There is another list of commands that only succeed when the user runs them without sudo.

我想从同一个脚本执行所有这些命令。结果
我想，以避免执行以下操作：

I want to execute all of these commands from the same script.
I'd like to avoid having to do the following:

#!/usr/bin/env bash
sudo sudo_command_one;
sudo sudo_command_two;
sudo sudo_command_three;
non_sudo_command;
sudo sudo_command_four;

这样做的理由，是因为须藤有超时，并且这些命令可能会需要很长的时间。我不想与具有偶尔重新输入sudo的密码所累。我也许可以延长超时须藤的无限期，但也未尝我会preFER避免，如果有一个更简单的方法。

The reason for this, is because sudo has a time-out, and these commands will likely take a long time. I don't want to be burdened with having to re-type the sudo password occasionally. I could perhaps extend the time-out of sudo indefinitely, but that is also something I would prefer to avoid if there is an easier way.

所以，我要像这样运行脚本：

Therefore, I'm going to run the script like this:

sudo ./script

但是，这将prevent从工作的非sudo的命令。结果
什么是我需要缺少的命令：

But this will prevent the non-sudo commands from working.
What are the missing commands I need:

#!/usr/bin/env bash
sudo_command_one;
sudo_command_two;
sudo_command_three;
[turn sudo off for a moment]
non_sudo_command;
[ok, turn sudo back on]
sudo_command_four;

不幸的是，命令的顺序不能重新排列，这样我运行所有命令sudo的第一，其次是所有的非sudo的命令（反之亦然）。

Unfortunately, the order of the commands cannot be rearranged so that I run all the sudo commands first, followed by all the non-sudo commands(or vice versa).

推荐答案

在脚本中须藤运行，使用：

In a script run by sudo, use:

su -c "shell command; shell command" $SUDO_USER 

这脚本来执行命令，谁调用sudo的用户正常范围内。

within that script to execute commands as the normal user who invoked sudo.

这工作，因为须藤设置环境变量 SUDO_USER 原来的用户名。

This works because sudo sets the environment variable SUDO_USER to the original username.

如果你有一大堆命令来作为原始用户运行，你可以使用一个hereis文档。

If you have a bunch of commands to run as the original user, you could use a hereis document.

下面是一个示例脚本文件作为概念验证：

Here is an example script file as proof of concept:

myscript.sh

myscript.sh

#!/bin/bash
echo "Part 1"
echo "now running as:"
whoami
echo "SUDO_USER is:"
echo $SUDO_USER
su $SUDO_USER <<EOF
echo "Part 2"
echo "now running as:"
whoami
echo "SUDO_USER is:"
env | grep ^SUDO_USER
sleep 5
EOF
echo "Part 3"
echo "now running as:"
whoami
echo "SUDO_USER is:"
echo $SUDO_USER

和这里的一对须藤./myscript.sh

Part 1
now running as:
root
SUDO_USER is:
paul
Part 2
now running as:
paul
SUDO_USER is:
SUDO_USER=paul
Part 3
now running as:
root
SUDO_USER is:
paul

警告：这种技术并不嵌套sudo的工作这么好。如果须藤嵌套的两倍，例如

Warning: This technique doesn't work so well with nested sudo. If sudo is nested twice, e.g.

sudo su

echo $SUDO_USER
---> me

sudo su
echo $SUDO_USER
---> root

SUDO_USER将返回根，而不是原来的用户名。然后通过su $ SUDO_USER将保持以root身份运行。要小心避免这种情况，它应该工作正常。

SUDO_USER will return root, not the original username. su $SUDO_USER would then keep running as root. Be careful to avoid that scenario, and it should work ok.

这篇关于不再是根被使用sudo运行的脚本中间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！