Loading
Running Complex Commands with sudo
If you use sudo to run commands as root, you've probably run into “permission denied” problems when only part of a pipeline or part of a command is running with root permissions.
This fails with “permission denied” because the file is writable only by root:
$ echo 12000 > /proc/sys/vm/dirty_writeback_centisecs
But, this fails too:
$ sudo echo 12000 > /proc/sys/vm/dirty_writeback_centisecs
Why? The /bin/echo program is running as root, because of sudo, but the shell that's redirecting echo's output to the root-only file is still running as you. Your current shell does the redirection before sudo starts.
The solution is to run the whole pipeline under sudo. There are a couple ways to do it, but I prefer:
echo "echo 12000 > /proc/sys/vm/dirty_writeback_centisecs" | sudo sh
That way, I can type everything before the pipe character, and see what I'm about to run as root, then press the up arrow and add the | sudo sh to do it for real. This is not a big deal for short, obvious pipelines, but when you're building up a more complicated command as root, it's safer to look at it first before you run it.
______________________
- Well spotted. I've corrected
48 min 50 sec ago - This is a great program. We
3 hours 49 min ago - No Air for Linux
5 hours 38 min ago - HEWLETT PACKARD created
5 hours 48 min ago - HEWLETT PACKARD created
5 hours 51 min ago - very helpful :)
6 hours 12 min ago - I'll give it a whirl
14 hours 46 min ago - TFPT, don't you mean TFTP!? I
23 hours 15 min ago - wunderbar!!
23 hours 34 min ago - Lubuntu on a USB key
1 day 13 hours ago
Comments
Why? The /bin/echo program
Why? The /bin/echo program is running as root, because of sudo, but the shell that's redirecting echo's output to the root-only file is still running as you. Your current shell does the redirection before sudo starts.
The solution is to run the whole pipeline under sudo. There are a couple ways to do it, but I prefer:
boediger
A whole article decribing a
A whole article decribing a single command line method? Surely more thought could have gone into this.
A whole article decribing a
A whole article decribing a single command line method? Surely more thought could have gone into this.
tee shirts?
man 1 tee
just as the above post explains, you can use tee. It is easier to visualise what's happening.
Proto's way is better.
Sorry, bad cut and paste. Proto's method shows:
Apr 3 12:00:09 xxxxxxxx sudo: xxxxxxx : TTY=pts/22 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c echo 0 >/proc/sys/net/ipv4/ip_forward
First set of xxxxxxxx is machine name, second is userid.
Proto's way is better
It gives better logging.
Using proto's method, auth.log shows:
Apr 3 12:00:12 xxxxxxxxx sudo: xxxxxxxx : TTY=pts/22 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Don's way just shows:
Apr 3 11:58:02 xxxxxxxx sudo: xxxxxxxx : TTY=pts/22 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
sudo: cd: command not found
The one that drives me crazy is when I'm trying to change to a directory with only root access:
I always just give up at that point and change to the root user account with:
but I guess I could stack up the commands as shown above.
I do the same with: sudo sh
I do the same with:
sudo sh -c "echo 12000 > /proc/sys/vm/dirty_writeback_centisecs"
I use the same one: sudo -c
I use the same one: sudo -c ''. It is the more direct approach available, than using echo with sudo.
how about 'sudo -i' first?
how about 'sudo -i' first?
I am totally agree with you,
I am totally agree with you, It's really great.
another way
I like to use tee for this. Using your example, you could use
$ echo 12000 | sudo tee /proc/sys/vm/dirty_writeback_centisecsThis works for the same reason, it runs tee with sudo. You can also use
tee -ato append to file instead of overwriting it.