Bash - Sudo authentication using stdin and EOF

I'm having trouble authenticating with sudo -S, bash -c and EOF.

In the code below:

  • 1st sudo: ok
  • 2nd sudo: authentication ok but not with the expected result
  • 3rd sudo: authentication ok but not with the expected result
  • 4th sudo: authentication ok but I can't seem to write the file
  • 5th sudo: cannot authenticate

#!/bin/bash

pass="my_pass\n"
#echo -e $pass

ssh -T my_user@my_server << EOF
    whoami
    pwd
    echo $HOSTNAME
    (sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser whoami
    (sleep 3; echo -e $pass; sleep 3) | sudo -S -H -u batchuser bash -c "pwd"
    (sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "echo $HOSTNAME"
    (sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "touch test"
    (sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c << TEST1
        sleep 10; echo -e $pass; sleep 3
        whoami
        pwd
    TEST1
EOF

      

Output:

my_user@my_pc> ./test_ssh.sh
my_user@my_server password:              <-- I wrote the password here
my_user
/home/my_user
my_pc                                      <-- It not 'my_server'
Mot de passe de my_user: batchuser
Mot de passe de my_user: /home/my_user     <-- It not '/home/batchuser'
Mot de passe de my_user: my_pc             <-- It not 'my_server'
Mot de passe de I86671: touch: cannot touch `test': Permission denied
Mot de passe de my_user: Sorry, try again.
Mot de passe de my_user: Sorry, try again.
Mot de passe de my_user: Sorry, try again.
sudo: 3 incorrect password attempts
my_user@my_pc>

      

Do you know how I can pass the password using EOF?
And why isn't the bash -c output as expected?


1 answer


The first problem is that in a here document, by default, environment variables are expanded in the calling shell. You can prevent this behavior by using "EOF" in quotation marks as the initial delimiter, or by escaping variables like \$HOSTNAME. You should seriously read man bash about Here Documents. It's like three short paragraphs.

The problem with the second sudo is that although -H is used, that only sets the $HOME envvar but does not change the directory. "cd; pwd" should work.

From man sudo:

    -H, --set-home

    Request the security policy to set the HOME environment variable to the home directory specified in the target user's database entry. Depending on the policy, this may be the default behavior.

The third sudo can be more problematic as this variable is nested even deeper. \$HOSTNAME will be the same for these, but for other envvars, you may need to put together a bunch of backslashes to protect them. Think of \\\$UID.

As for touch test, you have to change directory to somewhere where you have permission to write this file, or handle permissions in some way.

The problem with the last sudo is that both the pipe and the HereDoc set stdin for the sudo command and not for bash, so things get messed up. Here's what you want:

(sleep 3; echo -e $pass; sleep 3) | sudo -S -u batchuser bash -c "
    whoami
    pwd
"

      

The last minor thing is that (imho) writing your code like this can improve readability, as the sleep is also not optional:

<<<$pass  sudo -S -p "" bash -c "cd; pwd"
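
The two effects described in the answer above (which shell expands a here document's variables, and what happens when a pipe and a here document both target the same command's stdin), as an added example that is not part of the original question or answer. It runs without ssh or sudo: a child sh -s stands in for the remote shell, and the hypothetical fake_sudo function stands in for sudo -S; MARK and the sample strings are constructed.

```shell
#!/bin/sh
# Added illustration, no ssh or sudo: a child "sh -s" plays the remote shell and
# fake_sudo (constructed) plays "sudo -S", reading the password from stdin line 1.
MARK=caller

# Unquoted delimiter: the calling shell expands $MARK before sh reads the text.
heredoc_unquoted() {
sh -s <<EOF
MARK=child
echo $MARK
EOF
}

# Escaped dollar: the expansion is left for the child shell.
heredoc_escaped() {
sh -s <<EOF
MARK=child
echo \$MARK
EOF
}

# Quoted delimiter: nothing in the body is expanded by the caller.
heredoc_quoted() {
sh -s <<'EOF'
MARK=child
echo $MARK
EOF
}

fake_sudo() {
    IFS= read -r pw            # first stdin line is consumed as the password
    printf 'pw=%s;' "$pw"
    "$@"                       # the command inherits whatever stdin is left
}

# Pipe and here document both target fake_sudo's stdin; the here document
# wins, so its first line is taken as the password and the pipe is ignored.
stdin_conflict() {
printf 'secret\n' | fake_sudo sh -s <<EOF
echo ran
EOF
}

# Commands passed as an argument leave stdin free for the password.
stdin_separate() {
    printf 'secret\n' | fake_sudo sh -c 'echo ran'
}
for f in heredoc_unquoted heredoc_escaped heredoc_quoted stdin_conflict stdin_separate; do printf '%s: %s\n' "$f" "$($f)"; done
```

In stdin_conflict the command line "echo ran" is consumed as the password and never executed, which is the same mechanism behind the three "Sorry, try again." lines in the question's output.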
