Bash - Sudo authentication using stdin and EOF
I'm having trouble authenticating with sudo -S, bash -c and EOF.
In the code below:
- 1st sudo: ok
- 2nd sudo: authentication ok but not with expected result
- 3rd sudo: authentication ok but not with expected result
- 4th sudo: authentication ok but I can't seem to write the file
- 5th sudo: cannot authenticate

#!/bin/bash
pass="my_pass\n"
#echo -e $pass
ssh -T my_user@my_server << EOF
whoami
pwd
echo $HOSTNAME
(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser whoami
(sleep 3; echo -e $pass; sleep 3) | sudo -S -H -u batchuser bash -c "pwd"
(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "echo $HOSTNAME"
(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "touch test"
(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c << TEST1
sleep 10; echo -e $pass; sleep 3
whoami
pwd
TEST1
EOF
Output:
my_user@my_pc> ./test_ssh.sh
my_user@my_server password: <-- I wrote the password here
my_user
/home/my_user
my_pc <-- It's not 'my_server'
Mot de passe de my_user: batchuser
Mot de passe de my_user: /home/my_user <-- It's not '/home/batchuser'
Mot de passe de my_user: my_pc <-- It's not 'my_server'
Mot de passe de I86671: touch: cannot touch `test': Permission denied
Mot de passe de my_user: Sorry, try again.
Mot de passe de my_user: Sorry, try again.
Mot de passe de my_user: Sorry, try again.
sudo: 3 incorrect password attempts
my_user@my_pc>
Do you know how I can pass the password using EOF?
And why isn't the bash -c output as expected?
The first problem is that in a Here Document, by default, environment variables are expanded in the calling shell. You can prevent this behavior by using "EOF" with quotation marks as the initial delimiter or by escaping variables like \$HOSTNAME. You should seriously read man bash about Here Documents. It's like three short paragraphs.
The problem with the second sudo is that although -H is used, that only sets the $HOME envvar but does not change the directory. "cd; pwd" should work.
From man sudo:
-H, --set-home
Request the security policy to set the HOME environment variable to the home directory specified in the target user's database entry. Depending on the policy, this may be the default behavior.
The third sudo can be more problematic as this variable is nested even deeper. For \$HOSTNAME it will be the same for these, but for other envvars, you may need to put together a bunch of backslashes to protect them. Think of \\\$UID.
As for touch test, you have to change directory somewhere where you have permission to write this file or handle permissions in some way.
The problem with the last sudo is that both the pipe and the HereDoc set stdin for the sudo command and not for bash, so things get messed up. Here's what you want:
(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "
whoami
pwd
"
The last minor thing is that (imho) writing your code like this can improve readability, as sleep is also not optional:
<<<$pass sudo -S -p "" bash -c "cd; pwd"
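The two effects the answer above describes (where a here-document's variables get expanded, and which stdin wins when a pipe and a here-document are attached to the same command), reproduced locally as an added example that is not part of the original posts. Assumptions: `bash -s` stands in for the shell that ssh starts, `fake_sudo` is a hypothetical stand-in for `sudo -S`, and `WHERE` and `s3cret` are constructed values.

```bash
#!/bin/bash
# Added example: local stand-ins only; no ssh or sudo is executed.
# "bash -s" plays the remote shell that ssh feeds the here-document to.
WHERE=local   # constructed variable standing in for $HOSTNAME

# Hypothetical stand-in for "sudo -S": takes the first line of stdin as the
# password, then runs its arguments.
fake_sudo() {
  IFS= read -r cred
  echo "credential=$cred"
  "$@"
}

# Unquoted delimiter: the calling shell expands $WHERE before sending.
unquoted_heredoc() {
  WHERE=remote bash -s <<EOF
echo $WHERE
EOF
}

# Quoted delimiter: text is sent verbatim, the receiving shell expands it.
quoted_heredoc() {
  WHERE=remote bash -s <<'EOF'
echo $WHERE
EOF
}

# Pipe and here-document on one command: the here-document replaces the pipe
# as stdin, so its first line is what gets read as the password.
pipe_and_heredoc() {
  echo "s3cret" | fake_sudo echo "command ran" <<TEST1
whoami
TEST1
}

# Commands given in the -c string: stdin stays connected to the pipe.
pipe_and_dash_c() {
  echo "s3cret" | fake_sudo bash -c "
echo one
echo two
"
}

for f in unquoted_heredoc quoted_heredoc pipe_and_heredoc pipe_and_dash_c; do
  echo "== $f"; "$f"
done
```

With an unquoted outer delimiter, $pass is expanded locally too, so the password travels as literal text inside the script that the remote shell reads.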