Script to use sudo in a terminal, gksudo otherwise?

0

I'd like to write a script that does an administration task, and I would like to be able to run it either from a terminal or not. If it runs in a terminal, even a graphical one, I'd like it to ask for the password using sudo. If it is run in some other way (for example Alt+F2 dialog), it should use gksudo. Any solutions?

Answer

Based on the below, this is what I came up with:

#!/bin/sh

SUDO="/usr/bin/sudo"

if [ -t 1 ]; then
  "$SUDO" "$@";
else
  gksudo -- "$SUDO" "$@";
fi

The slightly awkward case for gksudo is to ensure that the options are parsed by sudo and not gksudo, because they have different command-line options.

Ryan C. Thompson

Posted 2010-08-05T16:43:26.123

Reputation: 10 085

Answers

1

Examine the output of env when you're running from the terminal and when launched by the gui. My guess is that Gnome (or whatever window manager you're using) is adding an environment variable or two.

Another option is to check to see if there's a tty associated with it using if [ -t 1 ] as shown in this answer (note the caveats in the comments).

Doug Harris

Posted 2010-08-05T16:43:26.123

Reputation: 23 578

[ -t 1 ] seems to work. – Ryan C. Thompson – 2010-08-07T00:54:33.953

Just a note that you might be redirecting output, using tee or similar, and [ -t 1 ] would return true, which is not what you want. [ -t 0 ] seems more appropriate, since it checks stdin. – domen – 2013-02-21T19:06:48.973

1

I believe the more common method is to simply state that the script requires sudo to execute, as in:

sudo ./script_name.sh

In this way, the entire script is run with administrative privileges. If you think about it from the security model standpoint, there's no reason why a script that needs sudo for at least part of it, shouldn't just run with sudo. Otherwise, it's just a nuisance.

However, if you insist on using sudo for only certain parts, you can place sudo in your actual bash script and it will prompt for the password and wait for entry until it continues executing the script. After getting at least one sudo password entry, all subsequent sudos will retain the elevated privileges and not prompt for the password again. It will also leave you entire terminal session with elevated privileges for future sudo not executed within the script.

As for gksudo, I think an option is to tell the individual to use the alt-f2 run dialog, and instead of typing sudo script_name.sh, type gksudo and then click the "Run with file" button and have them navigate to and select the script file they need to run. I know it's cumbersome. Hopefully someone has a more elegant solution.

Jonathan

Posted 2010-08-05T16:43:26.123

Reputation: 1 122

2I disagree with the statement on security. The author might be confident to wrap a simple portion with sudo, but if he runs the whole script with sudo, then the entire script needs to be inspected and proven free of security errors on every edit. It's safer to just have sudo for the minimal subset of commands. – Rich Homolka – 2010-08-05T18:08:13.850

0

if [ "$DISPLAY" ]; then
    gksudo foo
else
    sudo foo
fi

Close enough.

user1686

Posted 2010-08-05T16:43:26.123

Reputation: 283 655

Asked: 2010-08-05T16:43:26.123

Viewed: 1 938 times

Active: 2010-08-07T01:00:51.863