bash - Sudo as www-data, unable to cd

2014-07
  • user984976

    I have a .procmailrc setup which pipes emails into a script. The core of my problem is that the email is received as user 'magic', and the script that I need to process the email needs to be run as www-data.

    The mail is received as user 'magic', and the .procmailrc pipes it to:

    /home/magic/email_reader_passthru
    

    Within this file I have the following command:

    sudo -u www-data -s "cd /var/www/live/app && Console/cake emailReader"
    

    I have also given 'magic' the ability to sudo as 'www-data' in /etc/sudoers

    magic   ALL = (www-data) NOPASSWD:ALL
    

    However, I always end up with the error message:

    /bin/bash: cd /var/www/live/app && Console/cake emailReader: No such file or directory
    

    In testing, if I am logged into ssh as user magic and I try to execute:

    sudo -u www-data -s 'cd /var/www/live/app'
    

    I get the same problem, and I am unsure why. It seems like I can't perform cd from inside a sudo -s command?

  • Answers
  • LatinSuD

    It seems to me that -s behaviour is not well defined across different distributions of sudo. You should probably specify a certain shell like sh this way:

    sudo -u www-data sh -c "cd /var/www/live/app && Console/cake emailReader"

    Explanation: that command above invokes sudo, which invokes shell sh, which parses these commands: cd /var/www/live/app && Console/cake emailReader
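
Added example, not part of the original answer: the sudo manual says a command given with -s is passed to the shell "as a simple command", so the whole quoted string is looked up as one program name. The functions below reproduce that lookup and the `sh -c` form without needing sudo; the names `as_single_word`, `as_shell_text` and `deliver` are made up for this illustration, and the `-n` flag in `deliver` is an addition to the answer's command.

```shell
#!/bin/sh
# Illustrative sketch: why the -s form fails and the sh -c form works.

# Stand-in for `sudo -s "<string>"`: the shell receives the string as ONE
# command word, so "cd", "&&" and the paths are never parsed separately.
as_single_word() {
    sh -c '"$1"' sh "$1" 2>&1
}

# Stand-in for `sudo sh -c "<string>"`: sh parses the string itself, so
# `cd` runs as a builtin and `&&` chains the second command.
as_shell_text() {
    sh -c "$1" 2>&1
}

# The hand-off for /home/magic/email_reader_passthru in the answer's form.
# -n (added here) makes sudo fail instead of prompting, because procmail
# has no terminal to answer a password prompt on.
deliver() {
    sudo -n -u www-data sh -c "cd /var/www/live/app && Console/cake emailReader"
}

# Demo on a harmless command; neither call needs sudo.
as_single_word 'cd / && pwd' || echo "single word: exit status $?"
as_shell_text 'cd / && pwd'
```

The first call fails with exit status 127 and a "not found" or "No such file or directory" message like the one in the question; the second prints `/`.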


  • Related Question

    bash - Sudo - is there a command to check if I have sudo and/or how much time is left?
  • valadil

    (Originally posted on Stack Overflow. They suggested I try here instead. Here's the original post: http://stackoverflow.com/questions/3858208/sudo-is-there-a-command-to-check-if-i-have-sudo-and-or-how-much-time-is-left)

    See title. I want a command that lets me query sudo. Ideally it would return success if I still have sudo and false if sudo has expired. Getting the time left might also be useful (although if I was concerned I could just do sudo -v to revalidate.) Oh and it shouldn't have to ask for a password.

    The closest thing I've found is "sudo -n true", but the -n option is only present on my Centos 5 machine at work. -n fails if it has to ask for a password. Is there any other way to get this functionality? Assume I don't actually have root on all the machines I work with, so I can't install new versions of sudo to my liking.

    For what it's worth I'm doing this so I can get my prompt to indicate sudo status. I like knowing which terminals are actively sudo-able. I also have a prompt that changes colors when I'm root, but I don't use root very often so that's of limited use.


  • Related Answers
  • Xanny

    The -n option is available in newer versions of sudo, but as you stated that's not an option. There's no real way to do what you're looking for short of just trying sudo and seeing if it comes back with a password. If your concern is you want a visual indication, why not do sudo /bin/bash to start a root bash session? Note that this is insecure, but it's also somewhat insecure if someone realizes your prompt changes on sudo.

  • wags007

    I know this is a really old question but here is what I did in a script today:

    CAN_I_RUN_SUDO=$(sudo -n uptime 2>&1|grep "load"|wc -l)
    if [ ${CAN_I_RUN_SUDO} -gt 0 ]
    then
        echo "I can run the sudo command"
    else
        echo "I can't run the Sudo command"
    fi
    
  • chuenniger

    This is a simpler solution:

    # check root permissions
    if [[ $UID != 0 ]]; then
        echo "Please start the script as root or sudo!"
        exit 1
    fi
    
  • Dysaster

    According to the sudo manual, the sudo session is determined according to the time stamp file (/usr/lib/sudo/<username>), so you may be able to figure out how much time is left by checking the date/time of the time stamp file. However, in my system, the time stamp file is in fact a directory, and there are three files with cryptic content in them (and also some weird time stamps), but /usr/lib/sudo/<username> seemed to have a timestamp that coincided with the time I gave sudo my password. I think /usr/lib/sudo/<username>/0 has the time stamp of the most recent sudo execution.

  • Aquarius Power

    The command below will show a colored indication that you have sudo granted, so you remember to do a sudo -k before going away from the machine. It is useful also on non colored terminals.

    As we can have sudo active and inactive on different terminal sessions, I created this that you can put at the end of your ~/.bashrc

    function FUNCpromptCommand () {
        # Probe for a cached sudo credential; -n fails instead of prompting.
        sudo -n uptime 2>/dev/null 1>/dev/null
        local bSudoOn=`if(($?==0));then echo true; else echo false; fi`
    
        history -a; # append to history at each command issued!!!
        local width=`tput cols`;
        local half=$((width/2))
        local dt="[EndAt:`date +"%Y/%m/%d-%H:%M:%S.%N"`]";
        if $bSudoOn; then dt="!!!SUDO!!!$dt"; fi
        local sizeDtHalf=$((${#dt}/2))
        #printf "%-${width}s" $dt |sed 's" "="g';
        echo
        # Centre the banner and pad both sides with '='.
        local output=`printf "%*s%*s" $((half+sizeDtHalf)) "$dt" $((half-sizeDtHalf)) "" |sed 's" "="g';`
    
        local colorLightRed="\e[1;31m"
        local colorNoColor="\e[0m"
        if $bSudoOn; then
            echo -e "${colorLightRed}${output}${colorNoColor}"
        else
            echo -e "${output}"
        fi
    }
    export PROMPT_COMMAND=FUNCpromptCommand
    

    At the terminal, type bash to test it. It will also add a whole line each time you execute a command, that has the information of the time the last command ended, so you can go to lunch and know when the last command ended :).

    You can play with this code to fit your needs. There is the PS1 variable also (that is the actual small prompt single line), but I think it is better to not mess with it.

  • Andreas Rehm

    How about the man page

    man sudo
    

    List your available commands:

    sudo -l
    

    sudo itself has no time or date limits... see:

    man sudo
    man sudoers