37

I'm trying to write a bash script (in Ubuntu) that will backup a directory using tar.

How can I do a check in the script so that it can only be run as root (or with sudo)?

For instance, if a user runs the script, it should say that this script must be run with sudo privileges, and then quit. If the script is executed as root, it will continue past the check.

I know there has to be an easy solution, I just haven't been able to find it by googling.

Cory Plastek
  • Recently, I've seen things like systemd elevate privileges automatically with user password entered. I'd be interested in an answer that can not only alert the user they don't have the needed permissions, but offer to elevate it for them instead of forcing a restart. – flickerfly Feb 05 '21 at 18:40

7 Answers

50

To pull the effective uid use this command:

id -u

If the result is ‘0’ then the script is either running as root, or using sudo. You can run the check by doing something like:

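# Abort unless the effective UID is 0 (root, or run through sudo)
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
    echo "Not running as root"
    exit 1   # non-zero status; a bare exit would return echo's status (0)
fi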
Scott Pack
  • 7
    I'd recommend fully-qualifying the path to id (e.g., /usr/bin/id). Otherwise a devious user could write their own script/binary that always returns 0 and then put it in a location that exists earlier in the executing users' path. – ktower Jul 08 '09 at 17:57
  • Agreed. Fixing with an edit. – Scott Pack Jul 08 '09 at 18:05
  • 8
    Anyone 'devious' trying to run the script won't be stopped by you using the full path to id. – theotherreceive Jul 08 '09 at 18:14
  • I agree with theother... it's a bash script. Qualifying the 'id' bin won't stop anyone who is seriously intent on getting around the check anyway. Better to leave it unqualified for portability. – Chris Jul 22 '09 at 11:37
  • 2
    This doesn't address the "sudo" requirement. – GregB May 09 '12 at 18:14
21

I assume you know that by changing the ownership to root

chown root:root file

and setting the permissions to 700

chmod 700 file

you will accomplish the same thing - without the suggestion to run as sudo.

But I will post this answer for completeness.

Brent
9

The bash variable $EUID shows the effective UID the script is running at. If you want to make sure the script runs as root, check whether $EUID contains the value 0 or not:

if [[ $EUID -ne 0 ]]; then
    echo "$0 is not running as root. Try using sudo."
    exit 2
fi

This is better than the solution with /usr/bin/id (for bash scripts!) because it doesn't require an external command.

neuhaus
  • 2
    Instead of just exiting, could prompt the user for sudo login by replacing the `echo` line with `sudo "$0" "$@"`, and replace `exit 2` with `exit $?`. – schumacher574 Apr 15 '15 at 20:35
  • Good idea. However the question asked for a script that quit, not ran sudo by itself. – neuhaus Dec 06 '19 at 10:07
2

What is your objective here, to inform the user that they should run the script as root or as some kind of security precaution?

If you just want to inform the user then any of the uid suggestions are fine, but they're as useful as tyres on a horse as a security precaution - there's nothing to stop a user from copying the script, taking out the if statement, and running it anyway.

If this is a security issue then the script should be set to 700, owned by root:root, so that it is not readable or executable by any other user.

theotherreceive
  • 2
    Or, it could be the script requires access to files or commands only accessible to root in order to carry out its work, as in my case – chrisbunney Sep 30 '11 at 15:01
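
Added example, not part of any answer above: a root gate that combines the effective-UID check with the ownership and mode check (root:root, 700) that the answers recommend. The function names `is_root`, `require_root` and `locked_down` are illustrative; each accepts an optional UID argument so it can be exercised without root.

```bash
#!/bin/bash
# Added example; is_root, require_root and locked_down are illustrative names.

# True when the UID is 0. Compares the number rather than the name "root".
# With no argument, uses bash's $EUID and falls back to `id -u` in other shells.
is_root() {
    [ "${1:-${EUID:-$(id -u)}}" -eq 0 ]
}

# Print the error on stderr and return non-zero so callers can test the result.
require_root() {
    if ! is_root "$@"; then
        echo "$0 must be run as root. Try using sudo." >&2
        return 1
    fi
}

# True when FILE is owned by OWNER_UID (default 0) with mode 700.
locked_down() {
    file=$1
    want_owner=${2:-0}
    listing=$(ls -ldn -- "$file") || return 2
    # ls -ldn fields: mode string, link count, numeric owner UID, ...
    read -r mode links owner rest <<EOF
$listing
EOF
    case $mode in
        -rwx------*) ;;          # rwx for the owner, nothing for group/other
        *) return 1 ;;
    esac
    [ "$owner" -eq "$want_owner" ]
}

# In the backup script, before calling tar:
#   require_root || exit 1
```

The UID check only tells the user why the script stopped; the ownership and mode check is what keeps other accounts from reading or editing the file.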
2

You can use the whoami command as well.

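# Compare the current user name against "root"
if [ "$(whoami)" != "root" ]
then
    # printf interprets \n; bash's builtin echo would print it literally
    printf '\nPlease run script as root.\n'
    exit 1
fi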
Kiril
  • Actually the uid 0 is the special user account with full privilege. "root" is simply the most common label/name mapped to that UID. It doesn't *have* to be 'root' and an attacker may try to exploit this. – 0xSheepdog Jul 21 '16 at 20:11
0

One simple way to make the script only runnable by root is to start the script with the line:
#!/bin/su root

alexandre1985
-1

"#!/bin/su root" allows users in super user mode to run the script without using the root password. If you want super users to run the script with results that of root, this does that.

Lynnux