如何在我的bash安裝腳本中使用用戶提供的root密碼

Question

我試圖安裝cronjob在親戚的機器上運行bash shell腳本。他們將運行安裝，我無法遠程訪問它（這是我的腳本是 - - 但這不是問題在這裏）。我使用kdialog來請求他們的root密碼，然後想用它來sudo各種命令。我的下面的代碼失敗了：a）揭示終端上的root p/w，以及​​b）未能將其管理到各種sudos。幫幫我？

#!/bin/bash 
kdialog --password "Please enter your root password to install theCronScript.sh and set up cron" 

# Sanity checks =========================================╕ 
if test -z "$BASH" ; then 
     printf "$SCRIPT:$LINENO: please run this script with the BASH shell\n">&2 
     exit 192 
fi 
#========================================================╛ 

# Global variables=======================================╕ 
PW="$?" 
THISDIR="$(pwd)" 
GETIPFILE='theCronScript.sh' 
CRONPERIOD='/15 * * * * ' 
TARGETCRONDIR='/etc/cron.hourly' 
#========================================================╛ 
echo "hi" 

# txt file exists check =================================╕ 
echo "Checking:" 
if [ ! -f "$THISDIR/$GETIPFILE" ]; then #there's no file to install 
    kdialog --msgbox "I cannot find $GETIPFILE to upload\nPlease check attachments in recent e-mails from Greg and download $GETIPFILE to $THISDIR" 
    exit 
else 
    if [ -f "$TARGETCRONDIR/$GETIPFILE" ]; then #the target already exists 
    kdialog --title "Replace or Keep" --warningyesno "A similar file already exists.\n Do you want to replace it (recommended)?\n(The original file will be saved with a different name _OLD)" 
    if [ $? = 0 ]; then # rename, then replace the existing file 
     #echo $PW is probably unneccessary beyond the first use but just in case... 
     RNGETIPFILE=$GETIPFILE'_OLD' 
     echo $PW | sudo -S mv $TARGETCRONDIR/$GETIPFILE $TARGETCRONDIR/$RNGETIPFILE #rename original file 
     echo $PW | sudo -S cp $THISDIR/$GETIPFILE $TARGETCRONDIR/$GETIPFILE #copy new version in 
     echo $PW | sudo -S chmod +x $TARGETCRONDIR/$GETIPFILE # 
     echo $PW | sudo -S crontab -l > mycron #write out current crontab 
     echo $PW | sudo -S echo $CRONPERIOD $TARGETCRONDIR >> mycron #echo new cron into cron file 
     echo $PW | sudo -S crontab mycron #install new cron file 
     rm mycron 
     $PW="" #clear password variable once it's no longer required 
    else # Don't replace, exit 
     exit 
    fi 
    else # Nothing to replace. Just copy it in 
     echo $PW | sudo -S "cp $THISDIR/$GETIPFILE $TARGETCRONDIR/$GETIPFILE" #copy new version in 
     echo $PW | sudo -S chmod +x $TARGETCRONDIR/$GETIPFILE # make sure it's executable 
     echo $PW | sudo -S crontab -l > mycron #write out current crontab 
     echo $PW | sudo -S echo $CRONPERIOD $TARGETCRONDIR >> mycron #echo new cron into cron file 
     echo $PW | sudo -S crontab mycron #install new cron file 
     rm mycron 
     $PW="" #clear password variable once it's no longer required 
    fi 
fi 

exit 0 
#========================================================╛ 

Answer 1

一個選項是通過外部GUI直接在sudo命令中詢問密碼。從sudo手冊頁：

-A, --askpass 
      Normally, if sudo requires a password, it will read it from the user's terminal. If the -A (askpass) option is specified, a (possibly graphical) 
      helper program is executed to read the user's password and output the password to the standard output. If the SUDO_ASKPASS environment variable is 
      set, it specifies the path to the helper program. Otherwise, if sudo.conf(5) contains a line specifying the askpass program, that value will be 
      used. For example: 

       # Path to askpass helper program 
       Path askpass /usr/X11R6/bin/ssh-askpass 

      If no askpass program is available, sudo will exit with an error. 

如果sudo是緩存的憑證，它只會要求輸入此密碼一次。一種方法我用得到這個緩存是，具有比緩存密碼等無副作用：

export SUDO_ASKPASS=/usr/bin/ssh-askpass 
sudo --askpass true 

根據您正在運行的發行，ssh-askpass可能是別的地方。 StackExchange上有一個example關於如何使用kdialog來獲取sudo askpass的密碼。作爲參考，在這裏是腳本：

$ cat myaskpass.sh 
#!/bin/bash 
kdialog --password "Please enter your password: " 
exit 0 

你將如何使用它：

export SUDO_ASKPASS=/path/to/myaskpass.sh 
sudo --askpass true