If you're condemned to use sudo for systems administration on a daily basis you know the problem: working all the time with sudo is annoying. It's ok if you've got to enter sudo only here and there. But on some systems almost everything is only reachable via sudo.

At least it annoyed me, so I put the nightmare to an end. Autosudo consists of a couple of bash functions which - once enabled - learn each entered sudo command and create a temporary wrapper function for it so that you can leave "sudo" the next time you use the command. An example session:

[16.Jul 09:48:22] --- [~] ---
me@machine: % autosudo ena

[16.Jul 09:49:14] --- [~][autosudo]  ---
me@machine: % sudo less /var/log/splunk/ticket.log

+++ autosudo: added "less" to auto sudo commands +++

[16.Jul 09:50:32] --- [~][autosudo+1]  ---
me@machine: % less /var/log/splunk/ticket.log

[16.Jul 09:50:50] --- [~][autosudo+1]  ---
me@machine: % autosudo sh
+++ auto sudo enabled for:  less +++

[16.Jul 09:50:52] --- [~][autosudo+1]  ---
me@machine: % autosudo dis
+++ disabling auto sudo commands +++
    disabling less

[16.Jul 09:50:58] --- [~] ---
me@machine: % less /var/log/splunk/ticket.log
/var/log/splunk/ticket.log: Permission denied

What happens here? First, I enabled the feat with "autosudo ena". Next I called a sudo command "sudo less". Once completed the autosudo facility adds "less" as an autosudo wrapper and notifies me about it. From now on I can just use "less" instead of "sudo less" while achieving the same functionality. Finally I let it display a list of currently autosudo'ed commands ("autosudo sh") and then I disable it with "autosudo dis". Note that the plain "less" call in the end doesn't work anymore since after disabling autosudo "less" was not sudo wrapped anymore. Easy enough.

Here's the code:

autosudo () {
    # enable auto sudo
    case $1 in
            export AUTOSUDO=1
            export SUDOCMD=`type -p sudo`
            alias sudo=sudoexec
            unset AUTOSUDO
            unalias sudo
            echo "+++ disabling auto sudo commands +++"
            for cmd in $AUTOSUDOCMDS; do
                echo "    disabling $cmd"
                unset $cmd
            if test -n "$AUTOSUDO"; then
                echo "+++ auto sudo enabled for: $AUTOSUDOCMDS +++"
                echo "+++ auto sudo disabled +++"
            echo "Usage: autosudo <enable|disable|show>"

sudoexec () {
    # determine sudo cmd and if successfull, alias it away
    if test -n "$AUTOSUDO"; then
        if $SUDOCMD $*; then
            cmd=`echo "$*" | awk '{ print $1}'`
            if echo "$cmd" | egrep -v "^-" > /dev/null 2>&1; then
                cmd=`basename $cmd`
                cat <<EOF > $lambda
unalias $cmd
function        $cmd () {
  $SUDOCMD $cmd \$*
                export LAMBDA=$lambda
                AUTOSUDOCMDS="$AUTOSUDOCMDS $cmd"
                echo "+++ autosudo: added \"$cmd\" to auto sudo commands +++"

cleanlambda() {
    if test -n "$LAMBDA"; then
        rm -f $LAMBDA
        unset LAMBDA
PROMPT_COMMAND="if test -n \"\$LAMBDA\"; then source \$LAMBDA; cleanlambda; fi; PS1='\[\033]0;\u@$host:\w\007\]
\$(DATE) --- [\w]\$(SHAUTOSUDO)\$(JOBS) ---
\u@$host: $CURSOR '"

Some words about it: If you call "autosudo ena", then "sudo" will be made an alias to "sudoexec", one of the functions above. "sudoexec" then executes the sudo command as usual and if it returns success it extracts the command and puts it into a wrapper function which it writes into a temporary file. The filename gets exported into the variable $LAMBDA. The most important part is the extension to $PROMPT_COMMAND. I precede it with a little bit of code which looks for an environment variable $LAMBDA. If set it assumes it is a file and sources it. This makes the wrapper function available to the current bash environment.

16.07.2014 19:42 CC0 opensource Source

Ähnliche Beiträge:

Null Kommentar zu Autosudo

Aus welchem Land kommen Sie?
Ihr Kommentar erscheint erst, wenn wir ihn freigegeben haben!
Mit * markierte Felder sind Pflichtfelder.
Sofern Sie eine Emailadresse eingeben, wird diese automatisch nach einem Monat gelöscht.
Weitere Daten werden nicht aufgezeichnet.