4

My shell script (I don't have EXPECT, and it is not possible) runs a shell script impersonating another user. Let's say the following script is named toto1.sh and is run by a user called MYUSERNAME1.

#!/bin/sh
su - MYUSERNAME2 ./app/sh/toto2.sh

My script stops, prompting a password request...

How can I send the password for MYUSERNAME2?

simlev
ercey

2 Answers

4

If you have sudo available, the solution has already been posted in a number of places:

echo <password> | sudo -S -u <user> <command>

From man sudo:

-S, --stdin Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character.

simlev
2

Approach 1 - Read from file

You can save the password in a read-only file for the user and pass the contents to the sudo command.

This will avoid the password being stored in shell history.

# Save the password in the hidden file
echo "password" > ~/.password

# Update the permissions to allow only the user to read it
chmod 400 ~/.password 

# Pass the password over STDIN to sudo
☠ cortex ☠ [~] cat ~/scripts/login_file.sh
cat ~/.password | sudo -S su

# Execute the script
☠ cortex ☠ [~] bash ~/scripts/login_file.sh 
[sudo] password for cortex: 
☠ cortex ☠ [~] 

Approach 2 - Save to temporary environment variable

With this approach, you need to enter the password on the shell or in the script.

☠ cortex ☠ [~] cat ~/scripts/login.sh 
my_password='password'                  # SET PASSWORD
echo "$my_password" | sudo -S su        # INVOKE sudo WITH PASSWORD

Combine with the script

Use any of the approaches mentioned above to authenticate sudo. Then invoke the commands with root access.

☠ cortex ☠ [~] cat ~/scripts/login.sh 
# SET PASSWORD
my_password='password'

# INVOKE sudo WITH PASSWORD
echo "$my_password" | sudo -S su;

# INVOKE COMMANDS WITH ROOT ACCESS
sudo -i <<'EOF'
    echo "Now i am $(whoami)"
    echo "$(id)"
EOF

☠ cortex ☠ [~] bash ~/scripts/login.sh 
[sudo] password for cortex: Now i am root
uid=0(root) gid=0(root) groups=0(root)

Cut the clutter with ALIAS

Make sudo get the password internally and authenticate itself. You do not need to input the password over STDIN every time.

# Create the alias with the Approach 1
☠ cortex ☠ [~] echo "alias sudo=\"cat ~/.password | sudo -S\"" >> ~/.bashrc 

# OR Create the alias with the Approach 2
☠ cortex ☠ [~] echo "alias sudo=\"echo \"password\" | sudo -S\"" >> ~/.bashrc 

# Re-load the environment
☠ cortex ☠ [~] . ~/.bashrc 

# Use sudo directly - No need to pass on password every time
☠ cortex ☠ [~] sudo whoami
root
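
An added example, not part of either answer: a wrapper for Approach 1 that refuses to feed the password file to `sudo -S` unless the file is a private, non-empty regular file owned by the caller. The helper names `secret_file_ok` and `run_as` are hypothetical; the user and script names in the usage comment are the ones from the question.

```shell
#!/bin/sh
# Added example: validate the password file from Approach 1 before it is
# handed to `sudo -S`. secret_file_ok and run_as are hypothetical names.

# Return 0 only if $1 is a non-empty regular file (not a symlink), owned by
# the calling user, with no permission bits set for group or others.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    # `ls -ldn` prints: mode, link count, numeric uid, gid, ...
    read -r mode links uid rest <<EOF
$(ls -ldn -- "$f")
EOF
    case $mode in
        -r??------*) ;;      # readable by owner, nothing for group/other
        *) return 1 ;;
    esac
    [ "$uid" = "$(id -u)" ]
}

# run_as USER FILE COMMAND [ARGS...]
run_as() {
    user=$1
    file=$2
    shift 2
    if ! secret_file_ok "$file"; then
        echo "refusing to use $file: not a private regular file" >&2
        return 2
    fi
    # -k ignores cached credentials, so sudo always consumes the password
    #    line and the command cannot read it from the inherited stdin.
    # -p '' silences the prompt. Redirecting from the file keeps the
    #    password out of the script text and out of any command line.
    sudo -k -S -p '' -u "$user" -- "$@" < "$file"
}

# Example call: sh this_script.sh MYUSERNAME2 ~/.password ./app/sh/toto2.sh
if [ "$#" -ge 3 ]; then
    run_as "$@"
fi
```

The password file must still end with a newline, as the `man sudo` excerpt above requires.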