KPK

Reputation: 442

How to make a script run commands as root

I'm new to Ubuntu and bash scripts, but I just made runUpdates.sh and added this to my .profile to run it:

if [ -f "$HOME/bin/runUpdates.sh" ]; then
    . "$HOME/bin/runUpdates.sh"
fi

The problem I'm having is, I want the script to run as if root is running it (because I don't want to type my sudo password).

I found a few places saying that I should be able to do sudo chown root.root <my script> and sudo chmod 4755 <my script> and when I run it, it should run as root. But it's not...

The script looks good to me. What am I missing?

-rwxr-xr-x 1 root root 851 Mar 23 21:14 runUpdates.sh*

Can you please help me run the commands in this script as root? I don't really want to change the sudoers file, I really just want to run the commands in this script as root (if possible).

#!/bin/sh

echo "user is ${USER}"

#check for updates
update=`cat /var/lib/update-notifier/updates-available | head -c 2 | tail -c 1`;
if [ "$update" = "0" ]; then
        echo -e "No updates found.\n";
else
        read -p "Do you wish to install updates? [yN] " yn
        if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
                echo -e 'No\n';
        else
                echo "Please wait...";
                echo `sudo apt-get update`;
                echo `sudo apt-get upgrade`;
                echo `sudo apt-get dist-upgrade`;
                echo -e "Done!\n";
        fi
fi

#check for restart
restartFile=`/usr/lib/update-notifier/update-motd-reboot-required`;
if [ ! -z "$restartFile" ]; then
        echo "$restartFile";
        read -p "Do you wish to REBOOT? [yN] " yn
        if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
                echo -e 'No\n';
        else
                echo `sudo shutdown -r now`;
        fi
fi

I added the "user is" line to debug; it always outputs my user, not root, and prompts for the sudo password (since I'm calling the commands with sudo) or tells me "are you root?" (if I remove sudo).

Also, is there a way to output the update commands stdout in real time, not just one block when they finish?

(I also tried with the shebang as #!/bin/bash)

Upvotes: 2

Views: 35339

Answers (2)

user4401178

It's not safe to do; you should probably use sudoers, but if you really need/want to, you can do it with something like this:

echo <root password> | sudo -S echo -n 2>/dev/random 1>/dev/random
sudo <command> 

This works because sudo doesn't require a password for a brief window after successfully being used.

SUID root scripts were phased out many years ago. If you really want to run scripts as root, you need to wrap them in an executable; you can see an example of how to do this on my blog: http://scriptsandoneliners.blogspot.com/2015/01/sanitizing-dangerous-yet-useful-commands.html

The example is how to change executable permissions and place a filter around other executables using a shell script, but the concept of wrapping a shell script works for SUID as well: the resulting executable file from the shell script can be made SUID.

https://help.ubuntu.com/community/Sudoers

Upvotes: 5

user4098326

Reputation: 1742

setuid does not work on shell scripts for security reasons. If you want to run a script as root without a password, you can edit /etc/sudoers to allow it to be run with sudo without a password.

To "update in real time", you would run the command directly instead of using echo.

Upvotes: 7
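
An added example for the sudoers approach in the answer above; it is not code from either answer. A NOPASSWD rule is only as safe as the file it names, and the question's script sits in $HOME/bin, a directory the user can modify even when the file itself is root-owned, so this check verifies ownership and write bits on the script and its directory before the rule is created. The user name kpk, the path /usr/local/sbin/runUpdates.sh and the drop-in name run-updates are assumptions.

```shell
#!/bin/sh
# Added example, not from the answers. Assumed names: user "kpk", script
# installed at /usr/local/sbin/runUpdates.sh, GNU stat (as on Ubuntu).
#
# Sudoers drop-in the check below guards; create it with
# "visudo -f /etc/sudoers.d/run-updates" so a syntax error is caught:
#
#   kpk ALL=(root) NOPASSWD: /usr/local/sbin/runUpdates.sh
#
# .profile then runs "sudo /usr/local/sbin/runUpdates.sh", and the script
# calls apt-get directly (no inner sudo, no echo `...`).

# True if the path in $1 is owned by uid $2 and has no group/other write bit.
owned_and_locked() {
    info=$(stat -c '%u %a' "$1") || return 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" = "$2" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# nopasswd_target_ok FILE [TRUSTED_UID]
# Returns 0 only if FILE is safe to name in a NOPASSWD rule: absolute path,
# regular file (not a symlink), and both the file and its directory are owned
# by TRUSTED_UID (default 0, root) and not writable by group or others.
# Ancestor directories are not walked here.
nopasswd_target_ok() {
    file=$1
    trusted=${2:-0}
    case $file in
        /*) ;;
        *) echo "not an absolute path: $file" >&2; return 1 ;;
    esac
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 1
    fi
    owned_and_locked "$file" "$trusted" ||
        { echo "unsafe owner or mode: $file" >&2; return 1; }
    dir=$(dirname "$file")
    owned_and_locked "$dir" "$trusted" ||
        { echo "unsafe owner or mode: $dir" >&2; return 1; }
}

# Run the check when a path is given on the command line.
[ "$#" -eq 0 ] || nopasswd_target_ok "$@"
```

Run against the question's original location, the check fails on the directory, because $HOME/bin belongs to the user rather than root.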
