bash - Sudo as www-data, unable to cd
2014-07
I have a .procmailrc setup which pipes emails into a script. The core of my problem is that the email is received as user 'magic', and the script that I need to process the email needs to be run as www-data.
The mail is received as user 'magic', and the .procmailrc pipes it to:
/home/magic/email_reader_passthru
Within this file I have the following command:
sudo -u www-data -s "cd /var/www/live/app && Console/cake emailReader"
I have also given 'magic' the ability to sudo as 'www-data' in /etc/sudoers
magic ALL = (www-data) NOPASSWD:ALL
However, I always end up with the error message:
/bin/bash: cd /var/www/live/app && Console/cake emailReader: No such file or directory
In testing, if I am logged into ssh as user magic and I try to execute:
sudo -u www-data -s 'cd /var/www/live/app'
I get the same problem, and I am unsure why. It seems like I can't perform cd from inside a sudo -s command?
It seems to me that -s behaviour is not well defined across different distributions of sudo. You should probably specify a certain shell like sh this way:
sudo -u www-data sh -c "cd /var/www/live/app && Console/cake emailReader"
Explanation: that command above invokes sudo, which invokes shell sh, which parses these commands: cd /var/www/live/app && Console/cake emailReader
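Why the quoted string ended up as a single command name, as an added example that is not part of the original posts. It assumes sudo -s backslash-escapes shell metacharacters in the command before handing it to the shell with -c, which is consistent with the error message in the question; the function names and the sample command `cd / && pwd` are made up for the illustration.

```shell
#!/bin/sh
# Added illustration: sudo itself is never called; this only shows how
# `sh -c` treats the command string in the two forms discussed above.

# ASSUMPTION: models sudo -s putting a backslash before every character
# other than letters, digits, '_', '-' and '$' in the command it is given.
escape_like_sudo_s() {
    printf '%s' "$1" | sed 's/[^A-Za-z0-9_$-]/\\&/g'
}

# What the shell receives in the `sudo -s "<cmd>"` form: after escaping,
# spaces and && are literal, so the whole string is ONE command name.
run_as_sudo_s() {
    sh -c "$(escape_like_sudo_s "$1")" 2>&1
}

# What the shell receives in the `sudo sh -c "<cmd>"` form: the string is
# parsed as a script, so `cd` and `&&` keep their shell meaning.
run_as_sh_c() {
    sh -c "$1" 2>&1
}

# Constructed sample command with the same shape as the one in the question.
demo='cd / && pwd'

echo "escaped : $(escape_like_sudo_s "$demo")"
echo "sudo -s : $(run_as_sudo_s "$demo")"
echo "sh -c   : $(run_as_sh_c "$demo")"
```

The sh -c form still relies on the question's sudoers rule allowing any command as www-data; a wrapper script that does the cd and is the only command listed in that rule would keep the grant narrower.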
(Originally posted on Stack Overflow. They suggested I try here instead. Here's the original post: http://stackoverflow.com/questions/3858208/sudo-is-there-a-command-to-check-if-i-have-sudo-and-or-how-much-time-is-left)
See title. I want a command that lets me query sudo. Ideally it would return success if I still have sudo and false if sudo has expired. Getting the time left might also be useful (although if I was concerned I could just do sudo -v to revalidate.) Oh and it shouldn't have to ask for a password.
The closest thing I've found is "sudo -n true", but the -n option is only present on my Centos 5 machine at work. -n fails if it has to ask for a password. Is there any other way to get this functionality? Assume I don't actually have root on all the machines I work with, so I can't install new versions of sudo to my liking.
For what it's worth I'm doing this so I can get my prompt to indicate sudo status. I like knowing which terminals are actively sudo-able. I also have a prompt that changes colors when I'm root, but I don't use root very often so that's of limited use.
The -n option is available in newer versions of sudo, but as you stated that's not an option. There's no real way to do what you're looking for short of just trying sudo and seeing if it comes back with a password. If your concern is you want a visual indication, why not do sudo /bin/bash to start a root bash session? Note that this is insecure, but it's also somewhat insecure if someone realizes your prompt changes on sudo.
I know this is a really old question but here is what I did in a script today:
CAN_I_RUN_SUDO=$(sudo -n uptime 2>&1|grep "load"|wc -l)
if [ ${CAN_I_RUN_SUDO} -gt 0 ]
then
    echo "I can run the sudo command"
else
    echo "I can't run the Sudo command"
fi
This is a simpler solution:
# check root permissions
if [[ $UID != 0 ]]; then
    echo "Please start the script as root or sudo!"
    exit 1
fi
According to the sudo manual, the sudo session is determined according to the time stamp file (/usr/lib/sudo/<username>), so you may be able to figure out how much time is left by checking the date/time of the time stamp file. However, in my system, the time stamp file is in fact a directory, and there are three files with cryptic content in them (and also some weird time stamps), but /usr/lib/sudo/<username> seemed to have a timestamp that coincided with the time I gave sudo my password. I think /usr/lib/sudo/<username>/0 has the time stamp of the most recent sudo execution.
The command below will show a colored indication that you have sudo granted, so you remember to do a sudo -k before going away from the machine. It is useful also on non colored terminals.
As we can have sudo active and inactive on different terminal sessions, I created this that you can put at the end of your ~/.bashrc:
function FUNCpromptCommand () {
    sudo -n uptime 2>/dev/null 1>/dev/null
    local bSudoOn=`if(($?==0));then echo true; else echo false; fi`

    history -a; # append to history at each command issued!!!

    local width=`tput cols`;
    local half=$((width/2))
    local dt="[EndAt:`date +"%Y/%m/%d-%H:%M:%S.%N"`]";
    if $bSudoOn; then dt="!!!SUDO!!!$dt"; fi
    local sizeDtHalf=$((${#dt}/2))
    #printf "%-${width}s" $dt |sed 's" "="g';
    echo
    output=`printf "%*s%*s" $((half+sizeDtHalf)) "$dt" $((half-sizeDtHalf)) "" |sed 's" "="g';`

    local colorLightRed="\e[1;31m"
    local colorNoColor="\e[0m"
    if $bSudoOn; then
        echo -e "${colorLightRed}${output}${colorNoColor}"
    else
        echo -e "${output}"
    fi
}
export PROMPT_COMMAND=FUNCpromptCommand
At terminal type bash to test it. It will also add a whole line each time you execute a command, that has the information of the time the last command ended, so you can go to lunch and know when the last command ended :).
You can play with this code to fit your needs. There is the PS1 variable also (that is the actual small prompt single line), but I think it is better to not mess with it.
How about the man page
man sudo
List your available commands:
sudo -l
sudo itself has no time or date limits... see:
man sudo
man sudoers