Why echo 'password' | sudo -S sudo -s does not work whereas echo 'password' | sudo -S mount -a works?

Robert Heller heller at deepsoft.com
Mon Feb 8 13:23:35 UTC 2021


At Mon, 08 Feb 2021 13:37:51 +0100 "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:

> 
> 
> hi,
> Am Montag, den 08.02.2021, 11:29 +0800 schrieb 孙世龙 sunshilong:
> > > 
> > I hope to change the (effective) user as root and then execute
> > several(maybe, a lot) commands that normal could not handle, e.g:
> > chown.
> > 
> 
> are you aware that sudo (at least in Ubuntu) keeps the elevated
> privileges for 15min ? 

This is a standard / default behaviour, not specific to Ubuntu.

> 
> if you have a script with a ton of sudo calls only the first one will
> ask for the password, so as long as all your sudo related steps are
> done within 15min you should be fine without such echo hackery ...

Even better, just run the whole script with sudo -- example:

gollum% df -h /scratch
Filesystem                        Size  Used Avail Use% Mounted on
/dev/mapper/vg_newgollum-scratch   40G   32G  5.6G  86% /scratch
gollum% cat procs/resizelvm.sh 
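#!/bin/bash
# Usage: resizelvm.sh <mount-point> <size-change>, e.g. /scratch +5G
# Unmount and take the device name from the first field of the umount -v output.
mdev=$(umount -v "$1" | awk '{print $1}')
#echo "mdev=$mdev"
e2fsck -f -C 0 -p "$mdev"
lvresize -L"$2" "$mdev"
resize2fs -p "$mdev"
e2fsck -f -C 0 -p "$mdev"
mount -v "$1"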
gollum% sudo procs/resizelvm.sh /scratch +5G

> 
> in general it is not so clever from a security POV to store a user
> password in a shell variable or in cleartext on disk and it is also
> often considered malicious/rude behaviour to exec root stuff without
> the user knowing ... 
> 
> ... that said, what you really want in such cases is to use the
> SUDO_ASKPASS variable (that *must* point to a separate script) and
> "sudo -A" to make your sudo calls use it...
> 
> Create a script to ask the password (myaskpass.sh) i.e. for a graphical
> popup:
> 
> ---
> #!/bin/bash
> zenity --password --title=Authentication
> ---
> 
> Then make sure to have this export line at the beginning of your script
> and call sudo with -A:
> 
> ---
> export SUDO_ASKPASS="/path/to/myaskpass.sh"
> 
> sudo -A <command>
> ---
> 
> ciao
> 	oli

-- 
Robert Heller             -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services
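
The advice in this thread (start the script as root, or use SUDO_ASKPASS with "sudo -A" rather than piping a password into sudo), as an added example that is not code from either poster. The function names are hypothetical, GNU stat (as on Ubuntu) is assumed, and the ownership and permission check on the helper is an extra precaution the thread does not discuss.

```shell
#!/bin/bash
# Added example (not from the thread); function names are hypothetical.

# askpass_ok PATH: accept only an absolute path to an executable regular file
# owned by the caller or root and not writable by group or others, since a
# helper someone else can modify could be replaced by one that logs the password.
askpass_ok() {
    local helper=$1 owner mode
    case $helper in /*) ;; *) return 1 ;; esac
    [ -f "$helper" ] && [ -x "$helper" ] || return 1
    owner=$(stat -c '%u' "$helper") || return 1   # GNU stat assumed
    mode=$(stat -c '%a' "$helper") || return 1
    [ "$owner" = "$(id -u)" ] || [ "$owner" = 0 ] || return 1
    # Last two octal digits are group and other; reject a set write bit (2).
    case $mode in *[2367]?|*[2367]) return 1 ;; esac
    return 0
}

# sudo_mode UID HAS_TTY: print how to obtain root.
#   root    already root (the script was started with sudo)
#   askpass "sudo -A" with the helper named in SUDO_ASKPASS
#   tty     let sudo prompt on the terminal
#   none    nothing safe available; refuse instead of piping a password in
sudo_mode() {
    local uid=$1 has_tty=$2
    if [ "$uid" -eq 0 ]; then echo root
    elif [ -n "${SUDO_ASKPASS:-}" ] && askpass_ok "$SUDO_ASKPASS"; then echo askpass
    elif [ "$has_tty" = yes ]; then echo tty
    else echo none
    fi
}

# run_as_root CMD [ARG...]: run one command using the mode chosen above.
run_as_root() {
    local tty=no
    [ -t 0 ] && tty=yes
    case $(sudo_mode "$(id -u)" "$tty") in
        root)    "$@" ;;
        askpass) sudo -A -- "$@" ;;
        tty)     sudo -- "$@" ;;
        *)       echo "no terminal and no usable SUDO_ASKPASS helper" >&2; return 1 ;;
    esac
}
```

Source the file and call, for example, `run_as_root chown root:root /some/file`; when the script is started with sudo, every call takes the "root" branch and no further prompt occurs.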
                           



