I have the following aliases in my .bashrc file:

```bash
alias genpass="tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo ''"
alias savepass='echo "$1: $(genpass)" >> .secret'
alias getlastpass='tail .secret -n 1'
```

The intention of these aliases is to generate a password and later be able to retrieve the last one. I'm storing the passwords in a file called .secret with the following permissions,

```
-rw------- 1 root root 92 Sep 17 12:48 .secret
```

so that only the root user can read and write the file.

The problem that I'm facing is the following: when I try to run

```
sudo savepass
```

it returns

```
bash: .secret: Permission denied
```

Which I assume is because this alias is not being executed as root, which is the owner of this file.

I don't know how to solve this, so any help is welcome, and any criticism related to this form of storing passwords is also welcome. My final goal is to be able to store passwords from the terminal and be able to retrieve them later, in a safe way. If you know a better way to do this, just let me know, it will also be a valid answer. Just keep in mind that I want to do this from the terminal without installing any fancy program, just a bash script.

Gealber
  • For decades, the `!alias` factoid in the bash IRC channel boiled down to "If you have to ask, use a function instead". It's sound advice; aliases have a lot of limitations and pitfalls that using a function instead avoids. – Charles Duffy Sep 17 '21 at 11:27
  • ...unlike aliases, functions can be exported through the environment. They can also be converted to textual form, so to pass one through `sudo`, you can use `sudo bash -c "$(declare -f yourfunction)"'; yourfunction "$@"' _ arg1 arg2 arg3...` to run `yourfunction arg1 arg2 arg3` in a shell started by `sudo`. – Charles Duffy Sep 17 '21 at 11:28

1 Answer

If your unprivileged user can alter the file, why do you store it with root permissions? This does not give you any benefit. Store the file with the user id of the user who needs to read and write it and stop using sudo.

The problem in your solution is that echo is run with root permissions. But the redirection is still done by the shell running sudo. And that shell does not have root permissions.

If you still want to keep your approach, you have to run `tee -a` with sudo. For this you have to put the sudo in the alias. But now it might be better to write a function instead of an alias.

```bash
savepass () {
  # tee runs under sudo and does the append; the calling shell only feeds it stdin
  echo "$1: $(genpass)" | sudo tee -a .secret
}
```

Btw: if you want to store your passwords in clear text files, use the netrc syntax, which is used by other tools, too.

Charles Duffy
ceving
  • Extremely useful answer, I wasn't aware of netrc syntax and also your explanation of why I'm having this issue is also correct. Thanks – Gealber Sep 17 '21 at 11:24
  • Shouldn't that be `tee -a`, instead of `tail`? And re: using a function instead of an alias - this makes sense, because `$1` in an alias doesn't work. It's not possible to use positional parameters in aliases. – Benjamin W. Sep 17 '21 at 11:25
  • You are right @BenjaminW., the final solution would be `savepass () { echo "$1: $(genpass)" | sudo tee -a .secret; }`, just changing `tail` to `tee`; it was maybe a typo by the person who answered the question. It doesn't allow me to propose an edit on the answer, because I'm just changing tail to tee, which is a change of less than 6 characters, so I hope someone reads the comments. – Gealber Sep 17 '21 at 11:41
  • @BenjaminW. Yes tail was a typo. – ceving Sep 20 '21 at 06:40
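
An added example, not part of the original answer or comments: the answer's first suggestion (keep the file owned by the user who reads and writes it, and drop sudo) written as shell functions. `SECRET_FILE`, the `umask`/`chmod` hardening and the mode check in `getlastpass` are assumptions of this example.

```bash
# Added example: user-owned password store, no sudo involved.
# SECRET_FILE is an assumed location; override it in the environment.
SECRET_FILE="${SECRET_FILE:-$HOME/.secret}"

genpass() {
  # 13 random alphanumeric characters, as in the question's alias.
  # LC_ALL=C keeps tr from choking on raw bytes in UTF-8 locales.
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 13
  echo
}

savepass() {
  # A function receives "$1"; an alias has no positional parameters.
  [ -n "$1" ] || { echo "usage: savepass LABEL" >&2; return 2; }
  (
    umask 077   # a newly created file gets mode rw-------
    printf '%s: %s\n' "$1" "$(genpass)" >>"$SECRET_FILE"
  ) && chmod 600 "$SECRET_FILE"   # also tighten a file that already existed
}

getlastpass() {
  # Refuse to read the store unless it is a regular file with mode 600
  # (the same "-rw-------" listing shown in the question).
  case $(ls -ld "$SECRET_FILE") in
    -rw-------*) tail -n 1 "$SECRET_FILE" ;;
    *) echo "getlastpass: $SECRET_FILE is not a mode-600 regular file" >&2
       return 1 ;;
  esac
}
```

The redirection in `savepass` is performed by the same unprivileged shell that owns the file, so the `Permission denied` from the question cannot occur.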