Obtendo acesso a uma variável dentro de uma cláusula sudo em um script com EOF

Question

Obtendo acesso a uma variável dentro de uma cláusula sudo em um script com EOF

#1 resposta do (3 votos)
#2 resposta do (2 votos)

2

PROBLEMA:

Eu preciso ter uma variável aqui chamada $ user:

chown $user:$user "$HOME"/.bashrc

mas não tem acesso a ele de fora do sudo e EOF :

for user in "$@"
do
    if [ "$user" = root ]
    then
        continue
    fi
    sudo -i -u "$user" bash <<'EOF'
    sleep 5
    cp -f $CURRENTDIR/.bashrc "$HOME"/.bashrc
    chown $user:$user "$HOME"/.bashrc
    sleep 5
    chmod 644 "$HOME"/.bashrc
    sleep 5
    wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
    sleep 5
    echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
    . "$HOME"/.bashrc
EOF
done

PERGUNTA:

Como posso obter acesso ao $ user no meu script?

Aqui está o script completo:

#!/bin/bash -x

SCRIPTNAME='basename "$0"'

if [ "$#" -eq 0 ]
then
    echo "No arguments supplied"
    echo "Usage: $SCRIPTNAME user1name user2name\(optional\) user3name\(optional\)"
    sleep 10
    exit 27
fi

sleep 5
echo "Setting up server.........."
sleep 10

DIRBASHRCROOT="$HOME"/.bashrcroot
DIRBASHRC="$HOME"/.bashrc
#CURRENTDIR="./"
BASHRC=.bashrc
NANORC=.nanorc
BASHRCROOT=.bashrcroot
ROOT=root
USER1="$1"
USER2="$2"
USER3="$3"
USER_PROGRAMMER=""
SOURCE=sources.list
var=0
for i in "$@"
do
    if [ "$i" = root ]
    then
        break
    elif [ "$i" != root ]
    then
        var='expr $var + 1'
        if [ $var -eq 3 ]
        then
            USER_PROGRAMMER=root
        fi
    fi
done
if [ $USER_PROGRAMMER != "" ]
then
    echo "$USER_PROGRAMMER is set and ready!"
fi
sleep 5
echo "Please select/provide the port-number for ssh in iptables:"
read port
PORT=$port
################# Make my variable global for all ########################3↓
echo "export CURRENTDIR=\"/tmp/svaka\"" >> /root/.bashrc
touch /etc/profile.d/bashProgrammer.sh
echo "export CURRENTDIR=\"/tmp/svaka\"" >> /etc/profile.d/bashProgrammer.sh
. /root/.bashrc
. /etc/profile
. /etc/profile.d/bashProgrammer.sh
################ Users and access settings #####################

checkIfUser()
{
    for name in "$@"
    do
        if id -u "$name" #>/dev/null 2>&1
        then
            echo "User: $name exists....setting up now\!"
            sleep 5
        else
            echo "User: "$name" does not exists....creating now\!"
            useradd -m -s /bin/bash "$name" #>/dev/null 2>&1
            sleep 5
        fi
    done
}
checkIfUser $1 $2 $3
################33 user passwords
userPass()
{
    for i in "$@"
    do
        if [ "$i" = root ]
        then
            continue
        fi
        if [[ $(passwd --status "$i" | awk '{print $2}') = NP ]]
        then
            echo "$i doesn't have a password."
            echo "Changing password for $i:"
            echo $i:$i"YOURSTRONGPASSWORDHERE12345Áá" | chpasswd
            if [ "$?" = 0 ]
                then
                echo "Password for user $i changed successfully"
                sleep 5
            fi
        fi
    done
}
userPass $1 $2 $3
################################################ setting up iptables ####################3

cat << EOT >> /etc/iptables.test.rules
*filter

IPTABLES CODE HERE

COMMIT
EOT
sleep 5
iptables-restore < /etc/iptables.test.rules
sleep 5
iptables-save > /etc/iptables.up.rules
sleep 3
printf "#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules" > /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables
sleep 6
###################################################33 sshd_config
cp -f "$CURRENTDIR/sshd_config" /etc/ssh/sshd_config
sed -i "s/Port 34504/Port $PORT/g" /etc/ssh/sshd_config
chmod 644 /etc/ssh/sshd_config
/etc/init.d/ssh restart
#################################################3333 Remove or comment out DVD/cd line from sources.list

sed -i '/deb cdrom:\[Debian GNU\/Linux/s/^/#/' /etc/apt/sources.list
####################################################33 update system
apt update && apt upgrade -y
##########################################3 Disable login www #########
passwd -l www-data
###############################################################
############################# check if programs installed and/or install
if [ ! -x /usr/bin/git ] || [ ! -x /usr/bin/wget ] || [ ! -x /usr/bin/curl ] || [ ! -x /usr/bin/gcc ] || [ ! -x /usr/bin/make ]
then
    echo "Some tools with which to work with data not found installing now......................"
    apt install -y git wget curl gcc make
fi

#####################################################3 update sources.list
cp -f $CURRENTDIR/$SOURCE /etc/apt/sources.list
chmod 644 /etc/apt/sources.list
wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb
dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
apt update && apt upgrade -y
apt install -y vlc vlc-data browser-plugin-vlc mplayer youtube-dl libdvdcss2 libdvdnav4 libdvdread4 smplayer mencoder
sleep 5
apt update && apt upgrade -y
sleep 5
#################################### firmware
apt install -y firmware-linux-nonfree firmware-linux
sleep 5
################ NANO SYNTAX-HIGHLIGHTING #####################3
if [ ! -d "$CURRENTDIR/nanorc"  ]
then
    if [ "$UID" != 0 ]
    then
        sudo -u "$ROOT" bash <<'EOF'
        sleep 5
        git clone https://github.com/nanorc/nanorc.git
        sleep 5
        cd nanorc
        make install-global
        sleep 5
        cp -f "$CURRENTDIR/.nanorc" /etc/nanorc
        chown root:root /etc/nanorc
        chmod 644 /etc/nanorc
        if [ "$?" = 0 ]
        then
            echo "Implementing a custom nanorc file succeeded\!"
        else
            echo "Nano setup DID NOT SUCCEED\!"
        fi
EOF
    else
        echo "Doing user: $USER....please, wait\!"
        git clone https://github.com/nanorc/nanorc.git
        sleep 5
        cd nanorc
        sleep 5
        make install-global
        sleep 5
        cp -f "$CURRENTDIR/$NANORC" /etc/nanorc
        chown root:root /etc/nanorc
        chmod 644 /etc/nanorc
        if [ "$?" = 0 ]
        then
            echo "Implementing a custom nanorc file succeeded\!"
        else
            echo "Nano setup DID NOT SUCCEED\!"
        fi
    fi
fi

echo "Finished setting up nano\!"
################ LS_COLORS SETTINGS #############################

if [ "$UID" != 0 ]
then
    echo "This program should be run as root, exiting\! now....."
    exit 1
   # sudo -i -u "$ROOT" bash <<'EOF'
   # BASHRCROOT=.bashrcroot
   # cp "$CURRENTDIR/$BASHRCROOT" "$HOME"/.bashrc
   # wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
   # echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
   # . "$HOME"/.bashrc
#EOF
else
    cp -f "$CURRENTDIR/$BASHRCROOT" "$HOME"/.bashrc
    chown root:root "$HOME"/.bashrc
    chmod 644 "$HOME"/.bashrc
    sleep 5
    wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
    sleep 5
    echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
    sleep 5
    . "$HOME"/.bashrc
fi
for user in "$@"
do
    if [ "$user" = root ]
    then
        continue
    fi
    sudo -i -u "$user" bash <<'EOF'
    sleep 5
    cp -f $CURRENTDIR/.bashrc "$HOME"/.bashrc
    chown $user:$user "$HOME"/.bashrc
    sleep 5
    chmod 644 "$HOME"/.bashrc
    sleep 5
    wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
    sleep 5
    echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
    . "$HOME"/.bashrc
EOF
done

echo "Finished setting up your system\!"
echo rm -rf /tmp/svaka

bash programming shell shell-script variable

por somethingSomething 01.09.2018 / 23:37

2 respostas

3

Você também pode usar sudo -Es e preservar o ambiente do usuário chamador. Por exemplo:

$ a=hi sudo -Es env | grep -i ^a=
a=hi

Por man sudo :

 -E, --preserve-env
             Indicates to the security policy that the user wishes to preserve their 
             existing environment variables.  The security policy may return an 
             error if the user does not have permission to preserve the environment.

 -s, --shell
             Run the shell specified by the SHELL environment variable if it is set 
             or the shell specified by the invoking user's password database entry.  
             If a command is specified, it is passed to the shell for execution via 
             the shell's -c option.  If no command is specified, an interactive 
             shell is executed.

por 02.09.2018 / 02:13

Tags bash programming shell shell-script variable

Como faço para criar uma função alias do emacs? Como ser notificado de atualizações de pacotes Debian sem usar o apt?

score 2 · Accepted Answer

Como uma solução geral, você pode passar variáveis de ambiente adicionais para um comando sudo usando possivelmente vários pares VAR=value na linha de comando a ser executada.

Neste caso específico, para passar a variável $user , você pode usar:

sudo -i -u "$user" user="$user" bash <<'EOF'
...
chown $user:$user "$HOME"/.bashrc
...
EOF

(Você também pode passar variáveis como $CURRENTDIR usando este método ao invés de empurrar isso através do rcfiles, já que parece que você está fazendo isso do resto do script.)

Você precisa de algumas permissões específicas para sudo para permitir que você defina variáveis de ambiente adicionais. Como esta seção da página do sudo afirma:

If the setenv option is set in sudoers, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would overwise be forbidden. See sudoers(5) for more information.