linux - sudo command with equal sign (=) gets confused for environment variable
2014-07
redood
I'm trying to run various commands through sudo, where the equal sign (=) is a part of the command. Under certain cases, it seems that sudo confuses that sign for setting and environment variable.
I see this in sudo(8) man:
Environment variables to be set for the command may also be passed on the command line in the form of VAR=value...
This is a problem for me, for example, if I try to run a command like:
sudo -i "cd /tmp; /usr/bin/hadoop fs -D dfs.replication=2 -ls"
It actually goes into a root shell instead of executing the command, since the command is misinterpreted. I see this in sudo.log:
Apr 29 16:11:40 : my_user : TTY=pts/7 ; PWD=/home/my_user ; USER=root ; ENV=cd /tmp; /usr/bin/hadoop fs -D dfs.replication=2 -ls ; COMMAND=/bin/bash
As you can see, the command is actually misinterpreted as trying to set ENV.
If I remove the preceeding cd /tmp; it will work. However, for some of my stuff, I have to run a cd command or something similar first.
This seems to be because of the equal sign which causes sudo to think I'm setting ENV. If I remove the equal sign (i.e. remove -D dfs.replication=2 ), then it works, and logged correctly:
Apr 29 16:08:46 : my_user : TTY=pts/7 ; PWD=/home/my_user ; USER=root ; COMMAND=/bin/tcsh -c cd /tmp; /usr/bin/hadoop fs -ls
So my question is: How do I escape this = character, and/or get sudo read the command as a whole command, instead of thinking an equal sign is setting an environment variable?
Thanks much!
daBeamer
Try executing a shell command via sudo rather than passing one directly. For example, do something like:
sudo bash -c "cd /root; ls -al"
Of course, this is a silly example since one could simply execute sudo ls -al /root, but hopefully it gets the point across.
Executing a shell command is much more explicit than passing one to sudo using the -i flag since that will execute the shell assigned to the root user on a given system. Furthermore, any potential issues with login resource files of the root user are avoided.
Bash (or your preferred shell) should parse out the = character properly. I went ahead and tested this on my end for completeness and didn't encounter any issues. If not, however, just escape the = by prefacing it with a \ character.
Jichao
On busy days, I'd like to run
$ ./configure && make && sudo make install && halt
on the night and go to bed, hoping the application would automatically be installed. But what I see the next day is the screen where sudo asks me for the password. So how could I run sudo with password in one command line, or is there any other method to do this?
John T
Yes, use the -S switch which reads the password from STDIN:
$echo <password> | sudo -S <command>
So for your case it would look like this:
$./configure && make && echo <password> | sudo -S make install && halt
of course, replace <password> with your password.
CarlF
You could replace your command line with this:
$sudo su
$./configure && make && make install && halt
You will be prompted for your password immediately, then the rest of the commands will run as superuser.
Natim
You could also configure sudo with visudo to allow you user to use make as sudo without password.
User_Alias USERS = your_user
Cmnd_Alias CMDS = /usr/bin/make
USERS ALL = (ALL) NOPASSWD: CMDS
Keith Thompson
Several of the other solutions have the disadvantage that they unnecessarily run ./configure and make as root.
This is a bit convoluted, but it should work:
sudo sh -c "su $USER -c ./configure && su $USER -c make && make install && halt"
Note the use of double quotes to allow $USER to be expanded by the (non-root) shell.
I might also add a sleep 60 before the halt command. I've sometimes done things like this, expecting the command to run for a long time, but something goes wrong and it terminates immediately; the sleep lets me kill the command before the system shuts down. Or you can use shutdown with a time argument.
TimE.
Setting up sudo like that is dangerous if someone happened to see the fact that sudo requires no password on your account. Unless you know what you are doing, don't do that. I've had it happen at my local A+ Training program with my experimental computer one too many times... -_-
What John T. said sounds good though, except there still is the risk of finding the password in shell history. What CarlF said sounds better, but if one command fails, the computer will still be running with superuser privileges.
desgua
If you want to take more care, you could make a script, change the permissions of the file so only root can read and edit and then just run it.
Example:
1) Create a file:
gedit ~/.easy.install
2) Paste this and save:
./configure && make && echo <password> | sudo -S make install && halt
3) Make it executable:
sudo chmod +x ~/.easy.install
4) Change the permissions of the file so only root can read and edit it:
sudo chmod 700 ~/.easy.install
5) Run:
~/.easy.install
Enjoy ;-)
Janar
Personally I do quite the same as John T answered on Nov 9 '09 at 2:47, I've also improved mine according to guidance of his answer, thanks.
Difference is that I tend make use of variables, something like:
AutoSuDo=$" $echo pass | sudo -S";
# Change AutoSuDo to something else.
# Note that string starts with space,
# useful only if used as first command in line
In that way I can easily use mine variable instead of sudo,
$AutoSuDo apt-get update;
That comes quite handy with some longer scripts. I mainly make use of these for personal computers of others, that I have to maintain.
I also recommend to pay attention on:
- desgua answer on Apr 19 '11 at 23:56
- user224306 comment on May 14 '13 at 17:38 for John T answer on Nov 9 '09 at 2:47