Hi.

I'm just writing a script that adds a new User in Linux, samba, mysql and in a record in a mysql-db. This script obviously has to be run as root. I am aware of the security issues when saving a root password in a bash variable, but I guess typing it over and over again isn't much less secure. And this post isn't about the security aspect, so please try and help me with the real question.

In a pure bash environment I can use the following code to look if I'm root, and if not, restart the same script with "su"



This will cause su to ask the user for the password.

Now I want to run this in a graphical environment. Of course, I can use "kdesu" instead of "su", but I'm not sure, kdesu is even there. But there is zenity. Now I tried:


But su responds with "standard in must be a tty".

sudo on the other hand doesn't seem to have the same problem, so e.g. in Ubuntu this works fine, as the user is always a sudoer. But by default sudo isn't installed in Mandriva 2008 and the user is no sudoer, so my script won't work on the servers I maintain without installing and configuring sudo first or installing kdesu...

So: Is there any way to execute a bash script as a user, having zenity ask for the root PW and execute something with this PW which is stored in a variable?

Thanks a lot.

PeterPanic

Try using gksu/gksudo or an existing GUI password dialog box (there's a couple more, a gnome one and a kde one at least) that's designed for this.

Yes, but is any of them installed with every Mandriva - no matter what window manager I use?

And... doest that mean, there's no way to use su? The other thing is: I'd like to run some commands as root and some as a normal user, so if I could use su I could just issue one command as root and the otherone normally. Perhaps I'll use sudo and configure it from a bash script... :-( Hmmm...

consolehelper is the system Mandriva tools use for this. You can create a command that, when run as normal user, will automatically prompt for root's password and then run with root privileges. If X is active it will pop up a GUI password prompt, at a console it'll just ask for it at the console.

Perhaps you could use "expect"…

Ah, thanks a lot, both of you. I'll look that up.

Some things that are worth pointing out:

There is a user group called 'wheel' that will be present on every Mandriva install. There is also the 'sudo' utility which allows certain commands to be run as root by ordinary users. This is configured by running 'visudo' as root. One approach to your scripting problem would be:

1. Add all of the users that need to be able to use your script into the 'wheel' group

2. Use 'visudo' and uncomment the line which allows members of the 'wheel' group to run any command without having to enter the root password

3. At the start of your script have something like this:



This allows you to restrict script execution to members of the wheel group.

It's not best practice in terms of security to give a bunch of users free rein over your system, which is essentially what I'm suggesting here that you do!

A better solution would be to have a read through the man pages for the sudo and visudo commands and see if you can work out how to add a group of your own and have the members of that group restricted to running only a limited number of commands, i.e. only the commands that are executred inside your script.