-1

I want to ask the user for sudo password at the beginning of my script and then make a test if this password is correct before running the rest of the script.

So after searching a while, I got this test script:

SUDO_PWD=whatever
sudo -k   # <- So I can test it
echo $SUDO_PWD | sudo -Svp '' 2>/dev/null 
sudo_response=$(SUDO_ASKPASS=/bin/false sudo -A whoami @>/dev/null) 
if [ "$sudo_response" = "root" ]; then 
    echo "sudo" 
else  
    echo "no sudo" 
fi 

But both messages appear in console even with @>/dev/null redirection. Why?

  • 2
    Do you realize that echo $SUDO_PWD will show the password to anyone and everyone able to run ps?!?! – Andrew Henle Nov 14 '22 at 12:55
  • 2
    Would it not be easier to let the user run your script with sudo? That way it's not you and your script that is asking the user for their password and storing it in a variable, but sudo. – Kusalananda Nov 14 '22 at 12:58
  • 2
    What do you think @>/dev/null does, and for which shell? – Chris Davies Nov 14 '22 at 14:18
  • @AndrewHenle not in this case. I've added an answer with the complete script. Run it and you'll see. The pipe redirects echo output to sudo command and it's not shown in the terminal. I also tested for some functionality I may not be aware of with sleep infinity in the end and watch ps -eF | grep <mysudopassword> and it didn't show anything. If there is some ps option that may expose the password, please let me know. :) – Nelson Teixeira Nov 15 '22 at 07:22
  • @Kusalananda it's easier. Mine is prettier. LOL :D – Nelson Teixeira Nov 15 '22 at 07:27
  • @roaima I think that @> /dev/null should redirect all outputs (error and stdout) to /dev/null. Isn't that it? – Nelson Teixeira Nov 15 '22 at 07:28
  • 2
    @NelsonTeixeira I think you're thinking of &>. – Kusalananda Nov 15 '22 at 07:38
  • @Kusalananda You're correct. I mixed up @ and &. Thanks for pointing that out. – Nelson Teixeira Nov 15 '22 at 07:39
  • NelsonTeixeira indeed, just as Kusalananda wrote, you need &> not @> – Chris Davies Nov 15 '22 at 08:01

2 Answers

5

If you want to not have any output (i.e. no std output & no errors), you need to use redirections like that:

your_command > /dev/null 2>&1
your_command &> /dev/null

To show only errors and discard standard output:

your_command > /dev/null

And to show only standard output and discard errors:

your_command 2> /dev/null
Chris Davies
ramius
0

In case someone gets interested in the final version of the check sudo password script, I'll leave it here:

#!/bin/bash

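echo "Informe superuser password:"
# Sourcing getpass.sh sets $PASSWORD in this shell
. getpass.sh
echo ""
# Drop any cached sudo credentials so the password is really checked
sudo -k
# Quoted printf keeps spaces and glob characters in the password intact
printf '%s\n' "$PASSWORD" | sudo -Svp '' 2> /dev/null
# With a failing askpass helper, this only succeeds if the credentials are now cached
SUDO_ANSWER=$(SUDO_ASKPASS=/bin/false sudo -A whoami 2> /dev/null)
if [ "$SUDO_ANSWER" != "root" ]; then
    echo "Invalid superuser password. Exiting."
    # Non-zero status so callers can detect the failure
    exit 1
fi
echo "Sudo password correct. Executing rest of the script."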

getpass.sh is a bash script I got a long time ago on the internet, that gets a password in the terminal echoing asterisks instead of chars. For the sake of completeness I'll leave the code here:

#!/bin/bash
stty -echo
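CHARCOUNT=0
# This file is sourced, so start from an empty value instead of
# appending to a PASSWORD already set in the calling shell
PASSWORD=''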
while IFS= read -p "$PROMPT" -r -s -n 1 CHAR
do
    # Enter - accept password
    if [[ $CHAR == $'\0' ]] ; then
        break
    fi
    # Backspace
    if [[ $CHAR == $'\177' ]] ; then
        if [ $CHARCOUNT -gt 0 ] ; then
            CHARCOUNT=$((CHARCOUNT-1))
            PROMPT=$'\b \b'
            PASSWORD="${PASSWORD%?}"
        else
            PROMPT=''
        fi
    else
        CHARCOUNT=$((CHARCOUNT+1))
        PROMPT='*'
        PASSWORD+="$CHAR"
    fi
done
PROMPT=""
stty echo
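The password check and the redirection fix from the answers above, combined into one POSIX sh sketch. This is an added example, not part of either original post; the function names `read_password` and `check_sudo_password` are hypothetical, and it relies on the exit status of `sudo -S -v` instead of parsing `whoami` output.

```sh
#!/bin/sh
# Added example: validate a sudo password before the rest of a script runs.
# Function names are hypothetical; only standard sudo options are used.

# Read a password into PASSWORD with terminal echo off.
# $1 is the prompt text. Echo is restored even if the user presses Ctrl-C.
read_password() {
    printf '%s' "$1" >&2
    trap 'stty echo; exit 130' INT TERM
    stty -echo
    IFS= read -r PASSWORD
    stty echo
    trap - INT TERM
    printf '\n' >&2
}

# Return 0 if sudo accepts the password in $1, non-zero otherwise.
check_sudo_password() {
    # Invalidate cached credentials so a stale timestamp cannot mask
    # a wrong password.
    sudo -k
    # printf is a builtin in bash and dash, so the password is never an
    # argument of a separate process. Quoting preserves spaces, "*" and "$".
    # ">/dev/null 2>&1" is the portable spelling of bash's "&>/dev/null";
    # "@>/dev/null" would pass a literal "@" argument and redirect only stdout.
    printf '%s\n' "$1" | sudo -S -v -p '' >/dev/null 2>&1
}

# Typical use (needs a terminal and sudo, so it is not run here):
#   read_password 'sudo password: '
#   check_sudo_password "$PASSWORD" || { echo 'Invalid password' >&2; exit 1; }
#   unset PASSWORD
```

On success the credentials are cached, so later `sudo` calls in the same script run without prompting until the timestamp expires.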