answers: 1 / hits: 553 / asked Sun, April 10, 2022, 11:19:58

My goal: I have a bash script that needs to be run as a root user in a way that wouldn't be killable by a regular user--me. However, as a regular user, I need to be able to start the script (there might be cases where this unkillable script shouldn't be executed).


Is there a way to achieve it?


I imagine the following workflow: I log in to my regular account, execute the bash script, which then starts a specific program. This program becomes unkillable by me because it was started from an administrator account.


The way I do it now: I log in to my regular user, do su admin and insert a complicated password, and run the program in an unattached way (i.e. with &). I then close the terminal and continue with the opened program and go on with my day.


What I tried: grant my user rights to execute the script created by the admin, but this of course makes me able to kill the script afterwards, since I own that process. I would like the process to be owned by another user.



 Answers
6

You could write a helper script and have it executed every 1 minute via root's crontab. This would act as a bridge between root and the regular user.


bridge.sh


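#!/bin/bash

# Trigger file that the regular user creates to request a start.
FILENAME="/tmp/starter-file-with-unique-name"

if [ -f "$FILENAME" ]; then
    # Remove the trigger before starting, so the next cron run does not
    # launch a second copy while the program is still running.
    rm -f -- "$FILENAME"
    /usr/bin/specific-program
    ## you could do some logging here if you want
fi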

Now your regular user just needs to create that starter file (e.g. touch /tmp/starter-file-with-unique-name). Within the next 60 seconds, cron will execute bridge.sh, which will detect the starter file and then execute the specific program.


crontab entry example


* * * * * /usr/local/bin/bridge.sh

Can't wait up to 60 seconds?


If you want to have your specific program started immediately, you can add a loop to bridge.sh, with something like sleep 1. In this case root should not execute the script every 1 minute, but only once, maybe use @reboot in crontab, or create a systemd service for it.


[#358] Monday, April 11, 2022
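
A hardened variant of the polling bridge described in the answer above, as an added example that is not the answer author's code: because /tmp is world-writable, it accepts the trigger only when it is a regular file (not a symlink) owned by one expected user, and it consumes the trigger before starting the program. ALLOWED_UID, the function names and the --loop switch are assumptions; the paths are the answer's placeholders.

```bash
#!/bin/bash
# Added example: hardened bridge for the trigger-file approach.
# ALLOWED_UID, TRIGGER and PROGRAM are assumptions; adjust them for your system.
ALLOWED_UID="${ALLOWED_UID:-1000}"
TRIGGER="${TRIGGER:-/tmp/starter-file-with-unique-name}"
PROGRAM="${PROGRAM:-/usr/bin/specific-program}"

# Succeeds only if $1 is a regular file (not a symlink) owned by uid $2.
trigger_is_valid() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' -- "$1")" = "$2" ]
}

# One polling step.
# Returns 0 if the program was started, 1 if there was no trigger,
# 2 if a trigger was present but rejected (wrong owner or a symlink).
bridge_once() {
    [ -e "$TRIGGER" ] || [ -L "$TRIGGER" ] || return 1
    if trigger_is_valid "$TRIGGER" "$ALLOWED_UID"; then
        rm -f -- "$TRIGGER"   # consume first: one request starts one instance
        "$PROGRAM" &          # background, so the loop keeps polling
        return 0
    fi
    rm -f -- "$TRIGGER"       # drop foreign or symlinked triggers
    return 2
}

# Poll once per second when started with --loop (e.g. from @reboot or systemd).
if [ "${1:-}" = "--loop" ]; then
    while true; do bridge_once; sleep 1; done
fi
```

Run as root with --loop, this replaces the per-minute crontab entry; a trigger created by any account other than ALLOWED_UID is deleted without starting anything.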