123
40
On busy days, I'd like to run
$ ./configure && make && sudo make install && halt
on the night and go to bed, hoping the application would automatically be installed. But what I see the next day is the screen where sudo asks me for the password. So how could I run sudo with password in one command line, or is there any other method to do this?
Jichao
Posted 2009-11-09T02:37:00.447
Reputation: 5 245
185
Yes, use the -S switch which reads the password from STDIN:
$echo <password> | sudo -S <command>
So for your case it would look like this:
$./configure && make && echo <password> | sudo -S make install && halt
of course, replace <password> with your password.
John T
Posted 2009-11-09T02:37:00.447
Reputation: 149 037
You might want to use that if you have the password in a $VARIABLE (that you could have provision with sops for instance) – Natim – 2017-09-06T09:25:06.700
9 years later and still works like a charm :) – WinEunuuchs2Unix – 2018-09-23T21:20:25.857
looking for quick ways to run privileged commands on a remote host and this works thanks. – nelaaro – 2011-09-15T11:08:42.183
44Obviously, one would not want to run this if there is any danger of someone else seeing the password in the shell history. – Brett Daniel – 2009-11-09T03:16:10.337
15If you decided to use the 'echo <password> | sudo -S' option, to avoid exposing the password on the command history, start the command with a SPACE character. Of course, the best option is to pipe the password from a secure file. – Shannon Haworth – 2013-05-14T17:38:39.983
11
You could also configure sudo with visudo to allow you user to use make as sudo without password.
User_Alias USERS = your_user
Cmnd_Alias CMDS = /usr/bin/make
USERS ALL = (ALL) NOPASSWD: CMDS
Natim
Posted 2009-11-09T02:37:00.447
Reputation: 1 531
I figured out no need to declare aliases. Add my_user ALL=(ALL) NOPASSWD: /usr/bin/your_command is OK. Remember to add it to the end to overwrite other configs. – Junle Li – 2020-01-20T12:38:42.633
10
Several of the other solutions have the disadvantage that they unnecessarily run ./configure and make as root.
This is a bit convoluted, but it should work:
sudo sh -c "su $USER -c ./configure && su $USER -c make && make install && halt"
Note the use of double quotes to allow $USER to be expanded by the (non-root) shell.
I might also add a sleep 60 before the halt command. I've sometimes done things like this, expecting the command to run for a long time, but something goes wrong and it terminates immediately; the sleep lets me kill the command before the system shuts down. Or you can use shutdown with a time argument.
Keith Thompson
Posted 2009-11-09T02:37:00.447
Reputation: 4 645
10
You could replace your command line with this:
$sudo su
$./configure && make && make install && halt
You will be prompted for your password immediately, then the rest of the commands will run as superuser.
CarlF
Posted 2009-11-09T02:37:00.447
Reputation: 8 576
8an alternate (and probably preferred) version of this: sudo sh -c "./configure && make && make install && halt" – quack quixote – 2009-11-09T03:51:52.763
2But then wouldn't all the generated compile files have the superuser permissions? This would prevent you from running ./configure && make as a regular user later. – user45909 – 2013-08-04T23:35:20.400
Yes, user45909, you're quite right. I have personally never rerun ./configure && make except after downloading an update of the main package anyway, but I'm probabably not typical. – CarlF – 2013-08-06T19:48:18.783
9
Set HISTIGNORE to "sudo -S"
$ export HISTIGNORE='*sudo -S*'
Then pass your password safely to sudo:
$ echo "your_password" | sudo -S -k <command>
"HISTIGNORE" means to not save this command into the history. That is the history in memory or "~/.bash_history" file.
For example, the below will safely pipe your password to the sudo command, without retaining a history of your password.
“-S”, means to use stdin for the password,
“-k” means to ignore cached credentials to force sudo to always ask. This is for consistent behavior.
$ export HISTIGNORE='*sudo -S*'
$ echo "<your_password>" | sudo -S -k whoami
$ echo "<your_password>" | sudo -S -k cat /etc/shadow
$ echo "<your_password>" | sudo -S -k bash /tmp/myscript.sh
The downside to the above method is that if you want to see the commands you ran in the history later on they won't be there. Another method is to update the sudo authentication credential cache (default is enabled with 5 minutes timeout), then run the sudo separately. But the downside of this is that you'll need to be aware of the 5 minute cache.
For example:
$ export HISTIGNORE='*sudo -S*'
$ echo "<your_password>" | sudo -S -v
$ sudo whoami
$ echo "<your_password>" | sudo -S -v
$ sudo cat /etc/shadow
$ echo "<your_password>" | sudo -S -v
$ sudo /tmp/myscript.sh
Note I ran a sudo before each command to ensure that the sudo cache is updated, as the default is 5 mintues. Yes, whoami shouldn't take 5 minutes, but I figure might as well have it run before each command for consistency. You could also put "export HISTIGNORE='sudo -S'" in your ~/.bashrc file, then load it with ". ~/.bashrc" or logoff then login. However, I'm thinking using this for scripting purposes, so I'll keep it at the top of all my scripts for best security practices. Setting "echo "" | sudo -S -v" to a variable instead might also be a good idea, then just run the variable before each command that needs root privileges, see Janar's comment. "John T"'s comment should also include the "-k" parameter, as if you run "sudo -S" without "-k" and sudo authentication cache already has your credentials (and is still valid, default sudo authentication cache is 5 minutes) then bash will run your password as a command instead, which is bad.
user393365
Posted 2009-11-09T02:37:00.447
Reputation: 91
1Just as a small note on making things not available in the history, run your command with a single space at the front of it. For some reason this causes history to ignore it. – Matt Fletcher – 2017-08-02T08:20:19.440
5
You can do this too:
sudo -S <<< "password" command
Jahid
Posted 2009-11-09T02:37:00.447
Reputation: 161
only this one works for me in mac os. – Mehdico – 2019-09-19T19:30:19.383
4
Note, I've found that method doesn't work on an older version of sudo, specifically "Sudo version 1.6.7p5":
$ echo "<your_password>" | sudo -S -k whoami
Where as this method does work on older and new versions sudo:
$ echo "<your_password>" | sudo -S -v
$ sudo whoami
Darren DeHaven
Posted 2009-11-09T02:37:00.447
Reputation: 41
This is not an answer to the original question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post.
– DavidPostill – 2014-12-08T15:25:27.443@Darren DeHaven : Could you please explain how this become answer for the question asked here? – Renju Chandran chingath – 2014-12-08T15:50:04.203
2
If you want to take more care, you could make a script, change the permissions of the file so only root can read and edit and then just run it.
Example:
1) Create a file:
gedit ~/.easy.install
2) Paste this and save:
./configure && make && echo <password> | sudo -S make install && halt
3) Make it executable:
sudo chmod +x ~/.easy.install
4) Change the permissions of the file so only root can read and edit it:
sudo chmod 700 ~/.easy.install
5) Run:
~/.easy.install
Enjoy ;-)
desgua
Posted 2009-11-09T02:37:00.447
Reputation: 83
1echo <password> will still show up in the process list and if someone gets lucky with ps aux at the exact right moment, they can see the password in clear text. Better to save the password to a file and use < to redirect from the file into sudo. – bobpaul – 2018-04-18T17:26:19.010
1
Setting up sudo like that is dangerous if someone happened to see the fact that sudo requires no password on your account. Unless you know what you are doing, don't do that. I've had it happen at my local A+ Training program with my experimental computer one too many times... -_-
What John T. said sounds good though, except there still is the risk of finding the password in shell history. What CarlF said sounds better, but if one command fails, the computer will still be running with superuser privileges.
TimE.
Posted 2009-11-09T02:37:00.447
Reputation: 11
0
The problem is resolved. For example, to the user root:
echo -e 'password\npassword\n' | sudo passwd root
Jerson Martínez
Posted 2009-11-09T02:37:00.447
Reputation: 11
What does -e flag do, @jerson Martinez? – user674669 – 2019-04-25T18:00:23.277
1The -e flag for echo allows it to interpret certain sequences as having special meanings. – Jerson Martínez – 2019-04-26T15:03:38.757
0
Personally I do quite the same as John T answered on Nov 9 '09 at 2:47, I've also improved mine according to guidance of his answer, thanks.
Difference is that I tend make use of variables, something like:
AutoSuDo=$" $echo pass | sudo -S";
# Change AutoSuDo to something else.
# Note that string starts with space,
# useful only if used as first command in line
In that way I can easily use mine variable instead of sudo,
$AutoSuDo apt-get update;
That comes quite handy with some longer scripts. I mainly make use of these for personal computers of others, that I have to maintain.
I also recommend to pay attention on:
Janar
Posted 2009-11-09T02:37:00.447
Reputation: 33
Also see Prompt for sudo password and programmatically elevate privilege in bash script?, How to enter password only once in a bash script needing sudo, Request root privilege from within a script, Create a sudo user in script with no prompt for password..., How to prompt user for sudo password?, etc
– jww – 2018-03-30T17:55:12.450You need
haltto run as root. – Keith Thompson – 2012-08-08T06:54:35.1371Doesn't
sudohave a 15-minute timeout? Couldn't you run, say,sudo lsor something similar, enter your password, and then run the above command, havingsudoprivileges still active? (I can't test this at the moment, otherwise I'd post this as an answer.) – Matt – 2012-08-08T08:28:17.0902The timeout on
sudois configurable. Security-conscious people (aka paranoid, like me) set it to zero... :-) – dda – 2013-02-13T04:54:52.080