2

I'm trying to install a cronjob to run a bash shell script on a relative's machine. They will run the install and I can't access it remotely yet (that's what my script is for - but that's not the issue here). I use kdialog to request their root password and then want to use that to sudo various commands. My code below is failing by a) revealing the root p/w on the terminal and b) failing to pipe it to the various sudos. Help?

#!/bin/bash
kdialog --password "Please enter your root password to install theCronScript.sh and set up cron"

# Sanity checks =========================================╕
if test -z "$BASH" ; then
        printf "$SCRIPT:$LINENO: please run this script with the BASH shell\n">&2
        exit 192
fi
#========================================================╛

# Global variables=======================================╕
PW="$?"
THISDIR="$(pwd)"
GETIPFILE='theCronScript.sh'
CRONPERIOD='/15 *   *   *   *   '
TARGETCRONDIR='/etc/cron.hourly'
#========================================================╛
echo "hi"

# txt file exists check =================================╕
echo "Checking:"
if [ ! -f "$THISDIR/$GETIPFILE" ]; then #there's no file to install
  kdialog --msgbox "I cannot find $GETIPFILE to upload\nPlease check attachments in recent e-mails from Greg and download $GETIPFILE to $THISDIR"
  exit
else
  if [ -f "$TARGETCRONDIR/$GETIPFILE" ]; then #the target already exists
    kdialog --title "Replace or Keep" --warningyesno "A similar file already exists.\n Do you want to replace it (recommended)?\n(The original file will be saved with a different name _OLD)"
    if [ $? = 0 ]; then # rename, then replace the existing file
      #echo $PW is probably unneccessary beyond the first use but just in case...
      RNGETIPFILE=$GETIPFILE'_OLD'
      echo $PW | sudo -S mv $TARGETCRONDIR/$GETIPFILE $TARGETCRONDIR/$RNGETIPFILE #rename original file
      echo $PW | sudo -S cp $THISDIR/$GETIPFILE $TARGETCRONDIR/$GETIPFILE #copy new version in
      echo $PW | sudo -S chmod +x $TARGETCRONDIR/$GETIPFILE #
      echo $PW | sudo -S crontab -l > mycron #write out current crontab
      echo $PW | sudo -S echo $CRONPERIOD   $TARGETCRONDIR >> mycron #echo new cron into cron file
      echo $PW | sudo -S crontab mycron  #install new cron file
      rm mycron
      $PW="" #clear password variable once it's no longer required
    else # Don't replace, exit
      exit
    fi
  else # Nothing to replace. Just copy it in
      echo $PW | sudo -S "cp $THISDIR/$GETIPFILE $TARGETCRONDIR/$GETIPFILE" #copy new version in
      echo $PW | sudo -S chmod +x $TARGETCRONDIR/$GETIPFILE # make sure it's executable
      echo $PW | sudo -S crontab -l > mycron #write out current crontab
      echo $PW | sudo -S echo $CRONPERIOD   $TARGETCRONDIR >> mycron  #echo new cron into cron file
      echo $PW | sudo -S crontab mycron #install new cron file
      rm mycron
      $PW="" #clear password variable once it's no longer required
  fi
fi

exit 0
#========================================================╛
4

1 Answer

2

One option is to have sudo ask for the password directly through an external GUI. From the sudo man page:

 -A, --askpass
             Normally, if sudo requires a password, it will read it from the user's terminal.  If the -A (askpass) option is specified, a (possibly graphical)
             helper program is executed to read the user's password and output the password to the standard output.  If the SUDO_ASKPASS environment variable is
             set, it specifies the path to the helper program.  Otherwise, if sudo.conf(5) contains a line specifying the askpass program, that value will be
             used.  For example:

                 # Path to askpass helper program
                 Path askpass /usr/X11R6/bin/ssh-askpass

             If no askpass program is available, sudo will exit with an error.

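If sudo is caching credentials, it will only ask for this password once. One way I use to cache it, which has no side effects other than caching the password: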

export SUDO_ASKPASS=/usr/bin/ssh-askpass
sudo --askpass true

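Depending on the distribution you are running, ssh-askpass may be somewhere else. There is an example on StackExchange of how to use kdialog to get the password for sudo askpass. For reference, here is the script: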

$ cat myaskpass.sh 
#!/bin/bash
kdialog --password "Please enter your password: "
exit 0

And how to use it:

export SUDO_ASKPASS=/path/to/myaskpass.sh
sudo --askpass true
answered 2014-11-25T15:07:42.920
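
The SUDO_ASKPASS approach from the answer applied to the install steps in the question, as an added example that is not part of the original answer or the asker's script. The `*/15` schedule, the cron command, the function names and the `--install` flag are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: the question's install steps driven by sudo's askpass hook.
set -e

SCRIPT_NAME='theCronScript.sh'   # file name from the question
TARGET_DIR='/etc/cron.hourly'    # target directory from the question
CRON_LINE="*/15 * * * * $TARGET_DIR/$SCRIPT_NAME"   # assumed schedule and command

# Write a private askpass helper and print its path. sudo runs the helper
# itself and reads the password from its stdout, so the password is never
# stored in a variable of this script or echoed to the terminal.
make_askpass() {
    helper="$(mktemp)"
    printf '%s\n' '#!/bin/bash' \
        'exec kdialog --password "Please enter your password: "' > "$helper"
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Read a crontab on stdin and print it, appending CRON_LINE unless it is
# already present (so re-running the installer adds no duplicate).
merge_cron() {
    current="$(cat)"
    if [ -n "$current" ]; then printf '%s\n' "$current"; fi
    if ! printf '%s\n' "$current" | grep -qxF -- "$CRON_LINE"; then
        printf '%s\n' "$CRON_LINE"
    fi
}

install_job() {
    SUDO_ASKPASS="$(make_askpass)"
    export SUDO_ASKPASS
    trap 'rm -f "$SUDO_ASKPASS"' EXIT
    sudo --askpass true              # one prompt; sudo caches the credential
    if [ -f "$TARGET_DIR/$SCRIPT_NAME" ]; then
        sudo -A mv "$TARGET_DIR/$SCRIPT_NAME" "$TARGET_DIR/${SCRIPT_NAME}_OLD"
    fi
    sudo -A install -m 755 "./$SCRIPT_NAME" "$TARGET_DIR/$SCRIPT_NAME"
    # No temp file or unprivileged redirection: crontab reads the merged table
    # on stdin as root. "crontab -l" fails when root has no crontab yet.
    { sudo -A crontab -l 2>/dev/null || true; } | merge_cron | sudo -A crontab -
}

# Run the privileged steps only when asked to (hypothetical --install flag).
if [ "${1:-}" = "--install" ]; then install_job; fi
```
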