2

I need to run a bunch of scripts (with sudo) that use a single file.sh as a configuration file for all. Initially I've put the file.sh in /etc/profile.d and when I ran the scripts as root everything was ok (because when I connected to the machine it first sourced the file.sh and all vars in that file were available) but now, for security reasons, I need to run them with another user with sudo rights.

When running with sudo the "configuration file" in /etc/profile.d does not get sourced even if I'm root and do sudo - it's the same.

Using `sudo -E` is not an option; also, this kind of solution, `Defaults env_keep += "ftp_proxy http_proxy https_proxy no_proxy"`, does not work for me as the vars in the file change a lot and it's easier to throw a file, with all the vars, in a location - like /etc/profile.d/ - instead of adding options to /etc/sudoers.

Later Edit (working):

Moved original sudo command to sudo.orig. Created a new sudo bash script

    [root@NS1 bin]# cat sudo
    #!/bin/bash
    source /etc/profile.d/set_env_vmdeploy.sh
    sh /usr/bin/sudo.orig "$@"

and gave it permissions

    [root@NS1 bin]# chmod 4111 sudo
    [root@NS1 bin]# ll sudo*
    ---s--x--x 1 root root     78 May  7 13:42 sudo
    ---s--x--x 1 root root 123832 Jul 31  2014 sudo.orig
Mogsdad
ady8531
  • Do you mean `than to modify other files` ? –  May 07 '15 at 10:10
  • I don't understand your question. I need some variables stored in a file.sh to be sourced/available when I run "sudo some_script.sh". – ady8531 May 07 '15 at 11:03
  • So you mean `then`? Sorry, it's just people use them interchangeably and it completely changed the meaning of the sentence. –  May 07 '15 at 11:07
  • I guess you could put a wrapper around `sudo`... http://stackoverflow.com/questions/24200924/run-a-script-only-at-shutdown-not-log-off-or-restart-on-mac-os-x/24202568#24202568 – Mark Setchell May 07 '15 at 11:28
  • It's really hard to read code and output in comments. Please click `edit` underneath your original question and update it with any new, relevant information. – Mark Setchell May 07 '15 at 11:48
  • 2
    You didn't pass the arguments through from the wrapper to the original... `exec /usr/bin/sudo.orig "$@"` – Mark Setchell May 07 '15 at 12:00
  • Also, I am not sure that `exec` is actually the correct way to invoke `sudo.orig` in your case, since that *replaces* the current process into which you have sourced the environment. I know I used `exec` in the script I linked to, but that was different. Maybe you just need to run `sudo.orig` here, rather than `exec` it. – Mark Setchell May 07 '15 at 12:54

1 Answer

4

If you want sudo to execute all the profile scripts in the child shell, you can tell it to invoke the shell as a login shell: `sudo -i /usr/local/bin/my_script.sh`. (Note that the child shell will start with the working directory set to /root, and also that this may have other unintended side effects.)

Alternatively, invoke bash explicitly with a command parameter: `sudo /bin/bash -c "source ./config.sh; ./real_script.sh"`.

ajd
  • What I needed was what @Mark Setchell suggested – ady8531 May 09 '15 at 15:12
  • I would say that the method I suggest is significantly cleaner than renaming the sudo executable - among other things, it won't break next time you do an apt/yum update that overwrites your sudo binary. – ajd May 11 '15 at 02:32
  • I agree with you but for what I need it (tens of shell commands) it's easier than modifying all the commands by adding stuff at the end. I'm running sudo with ansible - so implementing your solution for this specific case would be a ton of work for me with adding -c "source /file.sh" for each shell command. Thanks – ady8531 May 11 '15 at 08:01
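
An added example, not code from the question or the answer: the answer's "source the config, then run the script" approach written as a standalone wrapper that is called through sudo, leaving the sudo binary untouched, and that only sources the config when a non-root user could not have modified it. The name `run-with-env`, its install path and the ownership/mode check are assumptions; `stat -c` assumes GNU coreutils.

```bash
#!/bin/bash
# run-with-env (hypothetical name): source a root-controlled config file, then
# run a command. Called as: sudo /usr/local/sbin/run-with-env script.sh [args]
# Because it runs after sudo, sudo's environment reset does not affect it.

CONFIG=/etc/profile.d/set_env_vmdeploy.sh   # config path from the question

# config_is_safe FILE [UID]: succeed only if FILE is a regular file (not a
# symlink), owned by UID (default 0) and not writable by group or others.
config_is_safe() {
    local f="$1" want_uid="${2:-0}" meta uid mode
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    meta=$(stat -c '%u %a' "$f") || return 1   # GNU stat: owner uid, octal mode
    uid=${meta% *}
    mode=${meta#* }
    [ "$uid" = "$want_uid" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]              # group/other write bits clear
}

# run_with_env FILE UID CMD [ARGS...]: source FILE in a subshell with
# auto-export on, then replace the subshell with CMD.
run_with_env() {
    local cfg="$1" uid="$2"
    shift 2
    if ! config_is_safe "$cfg" "$uid"; then
        echo "refusing to source $cfg: bad owner, mode or file type" >&2
        return 126
    fi
    ( set -a; . "$cfg"; set +a; exec "$@" )
}

# Entry point: only acts when a command is given on the command line.
if [ "$#" -gt 0 ]; then
    run_with_env "$CONFIG" 0 "$@"
fi
```

The check covers the config file itself; the directories leading to it need the same ownership and mode for the guarantee to hold.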