I want to know why my script won't run as root on Ubuntu 22.04. I want it to do so regardless of the user that executes it, without asking for any kind of authentication. This script should run all its commands as if it were the root user, but only the real root user will be able to read it or write to it. To achieve that goal I've followed the instructions that I found in this post:
Is there a way to make a shell script always run as root
So, this is what I did:
1) In /etc/xdg/autostart I've placed the desktop file called check-nvidia-audio.desktop, with this content inside (and chmod +x):
[Desktop Entry]
Version=1.0
Type=Application
Name=check_kernel
GenericName=Check the kernel version and unbind the NVIDIA audio driver
Comment=Check the kernel version and unbind the NVIDIA audio driver
Exec=sudo check-kernel
Icon=applications-biology
Path=/usr/sbin
Terminal=false
StartupNotify=false
2) In /usr/sbin, the script called check-kernel, with this content inside (and chmod +x):
#!/bin/bash

if [ "`id -u`" -ne 0 ]; then
    echo "Switching from `id -un` to root"
    exec sudo "$0"
    exit 99
fi

# Let's check the kernel version
function kernel-check() {
    CURRENT_KERNEL_VERSION=$(uname --kernel-release | cut --delimiter="-" --fields=3-4)
    echo "CURRENT_KERNEL_VERSION = $CURRENT_KERNEL_VERSION"
    if [ "${CURRENT_KERNEL_VERSION}" = "liquorix-amd64" ]; then
        echo "Kernel in use is already patched with the ACS patch and each NVIDIA audio device works great"
        exit
    else
        echo "Kernel in use is not patched with the ACS patch so I have to unbind each NVIDIA audio device from its driver"
        audio_device_list=( $(/usr/bin/iommu_viewer.sh | grep "Audio device.: NVIDIA" | awk '{ print $3 }' ) )
        audio_group_list=( $(/usr/bin/iommu_viewer.sh | grep "Audio device.: NVIDIA" | awk '{ print $2 }' ) )
        echo "audio nvidia gpu n. 1 =" ${audio_device_list[0]}
        echo "audio nvidia gpu n. 2 =" ${audio_device_list[1]}
        echo "iommu group nvidia gpu n. 1 =" ${audio_group_list[0]}
        echo "iommu group nvidia gpu n. 2 =" ${audio_group_list[1]}
        # Let's check the audio of the nvidia gpu
        if [ ${audio_group_list[0]} -eq ${audio_group_list[1]} ]; then
            for audio_device in "${audio_device_list[@]}"
            do
                echo "$audio_device" > "/sys/bus/pci/devices/$audio_device/driver/unbind"
            done
        fi
    fi
}

kernel-check
3) This is how my /etc/sudoers file looks:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults use_pty
# Cmnd alias specification
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
When I reboot the PC nothing happens, and when I try to execute the script manually, this is what happens:
:~$ check-kernel
Switching from ziomario to root
[sudo] password di ziomario:
or
:~$ sudo check-kernel
[sudo] password di ziomario:
This is not the expected behavior. It should not ask for the password, since in the sudoers file I have specified:
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
It seems that it ignores it totally. Furthermore, this behavior does not respect what has been said here:
Is there a way to make a shell script always run as root
specifically this assumption:
Option B: let only that script to be run with sudo.
ALL ALL = NOPASSWD: /usr/local/bin/reset-swap
You would then call it as sudo reset-swap rather than reset-swap
If you get fancy, the script could elevate itself if it wasn't run as root, letting it be run without specifying the sudo prefix:
#!/bin/sh
if [ "`id -u`" -ne 0 ]; then
    echo "Switching from `id -un` to root"
    exec sudo "$0"
    exit 99
fi
swapoff /dev/sdb
shred -n0 -z /dev/sdb
mkswap /dev/sdb
swapon /dev/sdb
Can you imagine where the mistake could be? Thanks.
NB1: the links provided don't help me, because they propose to do:
myusername ALL = (root) NOPASSWD: /path/to/my/program
Unfortunately, for my project I can't fill in my username there. This is because I don't know what it is. I'm creating a custom distro and only the user that will install it can know what the username will be. I tried to do something like this, but it didn't work:
echo $USER ALL = (root) NOPASSWD: /usr/sbin/check-kernel
NB2: this seems to work great:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults use_pty
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
@includedir /etc/sudoers.d
myusername ALL = (root) NOPASSWD: /path/to/my/program
Unfortunately, for my project I can't fill in my username there. This is because I don't know what it is. I'm creating a custom distro and only the user that will install it can know what the username will be. I tried to do something like this, but it didn't work:
echo $USER ALL = (root) NOPASSWD: /usr/sbin/check-kernel
– Marietto Oct 19 '22 at 14:07
ALL ALL = NOPASSWD: /usr/sbin/check-kernel to the very end of the sudoers file. – Kamil Maciorowski Oct 19 '22 at 14:18
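
The ordering difference between the two sudoers files above, as an added example that is not part of the original thread: sudoers applies the last entry that matches a request, so a later `%sudo ... ALL` line without `NOPASSWD` overrides an earlier `NOPASSWD` rule for members of group sudo. The matcher below is a simplified model, not sudo's parser; `last_match` is a hypothetical helper, the rule lists are constructed copies of the lines in the question, and `ziomario` is assumed to be a member of group sudo.

```python
import re

# Constructed copies of the user-specification lines from the two sudoers
# files in the question (comments, Defaults and @includedir omitted).
PROMPTS = """\
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
"""
WORKS = """\
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
"""

# who  host = [(runas)] [NOPASSWD:] command[, command...]
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(NOPASSWD:\s*)?(.+)$")

def last_match(sudoers, user, groups, command):
    """Return (rule, needs_password) for the last rule matching the request,
    or None when no rule matches. Simplified model (assumption): the host
    always matches, the target user is root, only NOPASSWD is understood."""
    result = None
    for line in sudoers.splitlines():
        m = SPEC.match(line.strip())
        if not m:
            continue
        who, nopasswd, cmds = m.groups()
        who_ok = who in ("ALL", user) or (who.startswith("%") and who[1:] in groups)
        cmd_ok = any(c.strip() in ("ALL", command) for c in cmds.split(","))
        if who_ok and cmd_ok:
            # A later match replaces an earlier one, as in sudoers(5).
            result = (line.strip(), nopasswd is None)
    return result

if __name__ == "__main__":
    for name, text in (("original order", PROMPTS), ("NOPASSWD rule last", WORKS)):
        rule, needs_pw = last_match(text, "ziomario", {"sudo"}, "/usr/sbin/check-kernel")
        print(f"{name}: decided by {rule!r}, password prompt: {needs_pw}")
```

In the original order the same model gives a user outside group sudo no prompt, because the `ALL ALL` rule is the only one that matches them; keeping the rule last (or in a file under /etc/sudoers.d, which is read at the `@includedir` line) makes the result the same for every user.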