
I have a shell script as given below.

#!/bin/bash
sudo -u testuser -H sh -c "
mkdir /usr/local/testdir;
if [ $? -eq 0 ];then
    echo "Successfull";
else
    echo "Unsuccessfull";
fi
"

I have given user testuser privileges to execute the shell script with sudo without being asked for a password. For this I added the line below to the /etc/sudoers file:

testuser ALL=(ALL) NOPASSWD: ALL

And it works fine: I can run commands with sudo without being asked for a password. But the above shell script always gives output as follows:

mkdir: cannot create directory `/usr/local/testdir': Permission denied
Successfull

And it is not creating the directory testdir inside /usr/local. Please advise me what modification I need to make so that this script works.

Thanks.

  • ok, so as far as I can see this has nothing to do with sudo. Simply the user doesn't have the right to create the directory. Are you familiar with unix file permissions? Commented Jul 29, 2013 at 9:06
  • But I can create a directory in that location with the command sudo mkdir /usr/local/testdir, that is, without being prompted for a password! Commented Jul 29, 2013 at 9:36
  • Note that you should restrict NOPASSWD sudo access to individual scripts only, otherwise anyone getting access to that user's account basically becomes root... Commented Nov 18, 2013 at 13:16
  • this question illustrates the difference between sudo make-me-a-sandwich vs sudo -u honey make-me-a-sandwich; the former will always succeed; the latter may or may not. Commented May 6, 2015 at 23:43

1 Answer


Two problems:

1.) You wrote:

sudo -u testuser -H ...

which means: run the command as testuser, and testuser doesn't have permission to write into /usr/local, therefore you get "Permission denied".

When you remove the -u testuser, the command will run as root (the default, and without a password for testuser) and will create the directory.

It seems you simply misunderstand how sudo and /etc/sudoers work. The -u user option means:

-u user  The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a uid, many shells require that the '#' be escaped with a backslash ('\'). Security policies may restrict uids to those listed in the password database. The sudoers policy allows uids that are not in the password database as long as the targetpw option is not set. Other security policies may not support this.

2.) The second problem: the Successfull message.

You're using double quotes for sh -c. The variable expansion is done BEFORE sh -c even starts, so $? is replaced by the outer shell's status before mkdir has run. Use single quotes instead, and you will get the correct Unsuccessfull message:

sudo -u testuser -H sh -c '
mkdir /usr/local/testdir
if [ $? -eq 0 ];then
    echo "Successfull";
else
    echo "Unsuccessfull";
fi
'

and use the following as the solution:

sudo -H sh -c '
mkdir /usr/local/testdir
if [ $? -eq 0 ];then
    echo "Successfull";
else
    echo "Unsuccessfull";
fi
'
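To make the answer's second point concrete, here is an added example (written for this page, not code from the question or the answer) that reproduces the misleading Successfull message without sudo and shows the single-quote fix beside it. Because sudo and root privileges are not available in a self-contained script, it uses a regular file created with mktemp as the parent path, so mkdir fails with "Not a directory" even when run as root; that constructed failure stands in for the "Permission denied" in the question. The function names, the mktemp path and the 2>/dev/null redirects are this example's own choices. The answer's first problem (-u testuser) is not exercised here: the fix for it is simply to drop -u testuser so the command runs as root.

```shell
#!/bin/sh
# Added example (not from the question or the answer): reproduce the
# "Successfull after a failed mkdir" behaviour without sudo. The bug is in
# how the inner script is handed to sh -c, so sudo plays no part in it.

# Broken form: the inner script is in DOUBLE quotes, so the outer shell
# expands $? (the status of the last command the outer shell ran, here
# `true`) before sh -c starts. The inner shell receives "if [ 0 -eq 0 ]"
# literally and prints Successfull no matter what mkdir did. Note also that
# $target is spliced straight into shell code; a path containing a single
# quote would break out of the quoting and be executed as shell.
check_double_quoted() {
    target="$1"
    true
    sh -c "
mkdir '$target' 2>/dev/null;
if [ $? -eq 0 ]; then
    echo Successfull;
else
    echo Unsuccessfull;
fi
"
}

# Fixed form: SINGLE quotes keep $? and $1 literal, so the inner shell
# evaluates them after its own mkdir has run. The path is passed as a
# positional parameter ($0 is "sh", $1 is the path) instead of being
# interpolated into the script text.
check_single_quoted() {
    sh -c '
mkdir "$1" 2>/dev/null
if [ $? -eq 0 ]; then
    echo Successfull
else
    echo Unsuccessfull
fi
' sh "$1"
}

# Show exactly what the outer shell hands to sh -c in the broken form.
expanded_test_line() {
    true
    printf '%s\n' "if [ $? -eq 0 ]; then"
}

# Demo: a regular file as the parent, so mkdir fails with "Not a directory"
# even when this runs as root (constructed stand-in for the question's
# permission-denied case).
demo_parent=$(mktemp)
echo "outer shell expands: $(expanded_test_line)"                          # if [ 0 -eq 0 ]; then
echo "double quotes print: $(check_double_quoted "$demo_parent/testdir")"  # Successfull (wrong)
echo "single quotes print: $(check_single_quoted "$demo_parent/testdir")"  # Unsuccessfull (right)
rm -f "$demo_parent"
```

The positional-parameter form (sh -c '...' sh "$1") is worth keeping even after the quoting is fixed: anything the outer shell interpolates into a double-quoted script becomes shell code, which matters when the command runs under sudo as root. On the sudoers side, the NOPASSWD: ALL line in the question makes testuser equivalent to root for anyone who can run commands as that account, as the comment above warns; if this script is the only thing that needs root, a line of the form testuser ALL=(root) NOPASSWD: /usr/local/bin/make-testdir.sh (the script path is a placeholder) limits the passwordless grant to that one script, provided the script itself is not writable by testuser.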

1 Comment

Thank you very much. This worked for me. I am a very beginner in shell scripting. I need to learn a lot. Thanks again.
