如何检查在bash脚本中是否作为根运行?

时间:2021-09-30 11:29:15

I'm writing a script that requires root level permissions, and I want to make it so that if the script is not run as root, it simply echoes "Please run as root." and exits.

我正在编写一个脚本,它需要root权限权限,我想让它这样,如果脚本不是作为根运行的,它只是响应“请以root身份运行”,然后退出。

Here's some pseudocode for what I'm looking for:

下面是一些伪代码:

if (whoami != root)
  then echo "Please run as root"

  else (do stuff)
fi

exit

How could I best (cleanly and securely) accomplish this? Thanks!

我怎样才能最好地(干净安全地)完成这件事呢?谢谢!

Ah, just to clarify: the (do stuff) part would involve running commands that in-and-of themselves require root. So running it as a normal user would just come up with an error. This is just meant to cleanly run a script that requires root commands, without using sudo inside the script, I'm just looking for some syntactic sugar.

啊,只是澄清一下:(做的事情)部分会涉及到运行的命令,它们本身需要root。所以作为一个普通用户运行它会产生一个错误。这只是为了干净地运行一个需要root命令的脚本,而不需要在脚本中使用sudo,我只是在寻找一些语法糖。

13 个解决方案

#1


223  

The $EUID environment variable holds the current user's UID. Root's UID is 0. Use something like this in your script:

$EUID环境变量保存当前用户的UID。根的UID = 0。在你的脚本中使用这样的东西:

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

#2


51  

In a bash script, you have several ways to check if the running user is root.

在bash脚本中,您有几种方法来检查运行的用户是否是root用户。

As a warning, do not check if a user is root by using the root username. Nothing guarantees that the user with ID 0 is called root. It's a very strong convention that is broadly followed but anybody could rename the superuser another name.

作为警告,不要检查用户是否根用户名。不能保证ID 0的用户名为root。这是一个非常严格的惯例,但任何人都可以为超级用户重命名另一个名字。

I think the best way when using bash is to use $EUID, from the man page:

我认为使用bash的最好方法是使用$EUID,从手册页:

EUID   Expands to the effective user ID of the current  user,  initialized
       at shell startup.  This variable is readonly.

This is a better way than $UID which could be changed and not reflect the real user running the script.

这是一种比$UID更好的方法,它可以更改,而不是反映运行脚本的实际用户。

if (( $EUID != 0 )); then
    echo "Please run as root"
    exit
fi

A way I approach that kind of problem is by injecting sudo in my commands when not run as root. Here is an example:

我处理这类问题的方法是在命令中注入sudo,而不是作为根运行。这是一个例子:

SUDO=''
if (( $EUID != 0 )); then
    SUDO='sudo'
fi
$SUDO a_command

This ways my command is run by root when using the superuser or by sudo when run by a regular user.

在使用超级用户或由常规用户运行的sudo时,我的命令是由root运行的。

If your script is always to be run by root, simply set the rights accordingly (0500).

如果您的脚本总是由root运行,只需相应地设置相应的权限(0500)。

#3


33  

if [[ $(id -u) -ne 0 ]] ; then echo "Please run as root" ; exit 1 ; fi

or

if [[ `id -u` -ne 0 ]] ; then echo "Please run as root" ; exit 1 ; fi

:)

:)

#4


28  

As @wrikken mentioned in his comments, id -u is a much better check for root.

正如@wrikken在他的评论中提到的,id -u对于root来说是一个更好的检查。

In addition, with proper use of sudo, you could have the script check and see if it is running as root. If not, have it recall itself via sudo and then run with root permissions.

此外,适当使用sudo,您可以让脚本检查并查看它是否以root身份运行。如果没有,请让它通过sudo恢复,然后使用root权限运行。

Depending on what the script does, another option may be to set up a sudo entry for whatever specialized commands the script may need.

根据脚本的不同,另一个选项可能是为脚本可能需要的任何特定命令设置sudo条目。

#5


28  

A few answers have been given, but it appears that the best method is to use is:

已经给出了一些答案,但似乎最好的方法是:

  • id -u
  • id - u
  • If run as root, will return an id of 0.
  • 如果以root身份运行,则返回id为0。

This appears to be more reliable than the other methods, and it seems that it return an id of 0 even if the script is run through sudo.

这似乎比其他方法更可靠,即使脚本是通过sudo运行的,它似乎返回一个id为0。

#6


16  

There is a simple check for a user being root.

对于root用户,有一个简单的检查。

The [[ stuff ]] syntax is the standard way of running a check in bash.

[[stuff]]语法是在bash中运行检查的标准方法。

error() {
  printf '\E[31m'; echo "$@"; printf '\E[0m'
}

if [[ $EUID -eq 0 ]]; then
    error "This script should not be run using sudo or as the root user"
    exit 1
fi

This also assumes that you want to exit with a 1 if you fail. The error function is some flair that sets output text to red (not needed, but pretty classy if you ask me).

这也假设你想退出,如果你失败了。错误函数是一些将输出文本设置为红色(不需要,但如果您问我)的天赋。

#7


8  

0- Read official GNU Linux documentation, there are many ways to do it correctly.

0-阅读官方的GNU Linux文档,有很多方法可以正确地完成它。

1- make sure you put the shell signature to avoid errors in interpretation:

1-确保您放置了shell签名以避免错误的解释:

 #!/bin/bash

2- this is my script

这是我的剧本。

#!/bin/bash 

if [[ $EUID > 0 ]]; then # we can compare directly with this syntax.
  echo "Please run as root/sudo"
  exit 1
else
  #do your stuff
fi

#8


7  

Very simple way just put:

非常简单的方法:

if [ "$(whoami)" == "root" ] ; then
    # you are root
else
    # you are not root
fi

The benefit of using this instead of id is that you can check whether a certain non-root user is running the command, too; eg.

使用这个而不是id的好处是,您可以检查某个非根用户是否正在运行该命令;如。

if [ "$(whoami)" == "john" ] ; then
    # you are john
else
    # you are not john
fi

#9


5  

If the script really requires root access then its file permissions should reflect that. Having a root script executable by non-root users would be a red flag. I encourage you not to control access with an if check.

如果脚本真的需要根访问,那么它的文件权限应该反映这一点。具有非根用户可执行的根脚本将是一个危险信号。我建议您不要使用if检查控制访问。

chown root:root script.sh
chmod u=rwx,go=r script.sh

#10


4  

try the following code:

试试下面的代码:

if [ "$(id -u)" != "0" ]; then
    echo "Sorry, you are not root."
    exit 1
fi

OR

if [ `id -u` != "0" ]; then
    echo "Sorry, you are not root."
    exit 1
fi

#11


2  

id -u is much better than whoami, since some systems like android may not provide the word root.

id -u比whoami好得多,因为像android这样的系统可能无法提供词根。

Example:

例子:

# whoami
whoami
whoami: unknown uid 0

#12


2  

One simple way to make the script only runnable by root is to start the script with the line:
#!/bin/su root

一个简单的方法,使脚本只可运行的根是开始脚本的一行:#!/bin/su根

#13


0  

Check for root, exit if fails:

检查根,退出如果失败:

    func_check_for_root() {
        if [ ! $( id -u ) -eq 0 ]; then
            echo "ERROR: $0 Must be run as root, Script terminating" ;exit 7
        fi
    }
    func_check_for_root

Then there is also whoami and 'who am i', if you want to know who called a script verses who is currently running a script:

如果你想知道谁说的是谁在运行一个脚本,那么还有whoami和“我是谁”。

    it@it-ThinkPad-W510:~$ who am i
    it       pts/19       2014-06-03 12:39 (:0.0)
    it@it-ThinkPad-W510:~$ sudo who am i
    [sudo] password for it: 
    it       pts/19       2014-06-03 12:39 (:0.0)

(see that even with sudo called it gives the users id)

(请注意,即使使用sudo,它也提供了用户id)

    it@it-ThinkPad-W510:~$ sudo whoami
    root

Hence,

因此,

    if [ "$(whoami)" == "user" ]; then
                echo "Executing the installer script"

    else
                echo "user is only allowed to execute the installer script"
    fi

#1


223  

The $EUID environment variable holds the current user's UID. Root's UID is 0. Use something like this in your script:

$EUID环境变量保存当前用户的UID。根的UID = 0。在你的脚本中使用这样的东西:

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

#2


51  

In a bash script, you have several ways to check if the running user is root.

在bash脚本中,您有几种方法来检查运行的用户是否是root用户。

As a warning, do not check if a user is root by using the root username. Nothing guarantees that the user with ID 0 is called root. It's a very strong convention that is broadly followed but anybody could rename the superuser another name.

作为警告,不要检查用户是否根用户名。不能保证ID 0的用户名为root。这是一个非常严格的惯例,但任何人都可以为超级用户重命名另一个名字。

I think the best way when using bash is to use $EUID, from the man page:

我认为使用bash的最好方法是使用$EUID,从手册页:

EUID   Expands to the effective user ID of the current  user,  initialized
       at shell startup.  This variable is readonly.

This is a better way than $UID which could be changed and not reflect the real user running the script.

这是一种比$UID更好的方法,它可以更改,而不是反映运行脚本的实际用户。

if (( $EUID != 0 )); then
    echo "Please run as root"
    exit
fi

A way I approach that kind of problem is by injecting sudo in my commands when not run as root. Here is an example:

我处理这类问题的方法是在命令中注入sudo,而不是作为根运行。这是一个例子:

SUDO=''
if (( $EUID != 0 )); then
    SUDO='sudo'
fi
$SUDO a_command

This ways my command is run by root when using the superuser or by sudo when run by a regular user.

在使用超级用户或由常规用户运行的sudo时,我的命令是由root运行的。

If your script is always to be run by root, simply set the rights accordingly (0500).

如果您的脚本总是由root运行,只需相应地设置相应的权限(0500)。

#3


33  

if [[ $(id -u) -ne 0 ]] ; then echo "Please run as root" ; exit 1 ; fi

or

if [[ `id -u` -ne 0 ]] ; then echo "Please run as root" ; exit 1 ; fi

:)

:)

#4


28  

As @wrikken mentioned in his comments, id -u is a much better check for root.

正如@wrikken在他的评论中提到的,id -u对于root来说是一个更好的检查。

In addition, with proper use of sudo, you could have the script check and see if it is running as root. If not, have it recall itself via sudo and then run with root permissions.

此外,适当使用sudo,您可以让脚本检查并查看它是否以root身份运行。如果没有,请让它通过sudo恢复,然后使用root权限运行。

Depending on what the script does, another option may be to set up a sudo entry for whatever specialized commands the script may need.

根据脚本的不同,另一个选项可能是为脚本可能需要的任何特定命令设置sudo条目。

#5


28  

A few answers have been given, but it appears that the best method is to use is:

已经给出了一些答案,但似乎最好的方法是:

  • id -u
  • id - u
  • If run as root, will return an id of 0.
  • 如果以root身份运行,则返回id为0。

This appears to be more reliable than the other methods, and it seems that it return an id of 0 even if the script is run through sudo.

这似乎比其他方法更可靠,即使脚本是通过sudo运行的,它似乎返回一个id为0。

#6


16  

There is a simple check for a user being root.

对于root用户,有一个简单的检查。

The [[ stuff ]] syntax is the standard way of running a check in bash.

[[stuff]]语法是在bash中运行检查的标准方法。

error() {
  printf '\E[31m'; echo "$@"; printf '\E[0m'
}

if [[ $EUID -eq 0 ]]; then
    error "This script should not be run using sudo or as the root user"
    exit 1
fi

This also assumes that you want to exit with a 1 if you fail. The error function is some flair that sets output text to red (not needed, but pretty classy if you ask me).

这也假设你想退出,如果你失败了。错误函数是一些将输出文本设置为红色(不需要,但如果您问我)的天赋。

#7


8  

0- Read official GNU Linux documentation, there are many ways to do it correctly.

0-阅读官方的GNU Linux文档,有很多方法可以正确地完成它。

1- make sure you put the shell signature to avoid errors in interpretation:

1-确保您放置了shell签名以避免错误的解释:

 #!/bin/bash

2- this is my script

这是我的剧本。

#!/bin/bash 

if [[ $EUID > 0 ]]; then # we can compare directly with this syntax.
  echo "Please run as root/sudo"
  exit 1
else
  #do your stuff
fi

#8


7  

Very simple way just put:

非常简单的方法:

if [ "$(whoami)" == "root" ] ; then
    # you are root
else
    # you are not root
fi

The benefit of using this instead of id is that you can check whether a certain non-root user is running the command, too; eg.

使用这个而不是id的好处是,您可以检查某个非根用户是否正在运行该命令;如。

if [ "$(whoami)" == "john" ] ; then
    # you are john
else
    # you are not john
fi

#9


5  

If the script really requires root access then its file permissions should reflect that. Having a root script executable by non-root users would be a red flag. I encourage you not to control access with an if check.

如果脚本真的需要根访问,那么它的文件权限应该反映这一点。具有非根用户可执行的根脚本将是一个危险信号。我建议您不要使用if检查控制访问。

chown root:root script.sh
chmod u=rwx,go=r script.sh

#10


4  

try the following code:

试试下面的代码:

if [ "$(id -u)" != "0" ]; then
    echo "Sorry, you are not root."
    exit 1
fi

OR

if [ `id -u` != "0" ]; then
    echo "Sorry, you are not root."
    exit 1
fi

#11


2  

id -u is much better than whoami, since some systems like android may not provide the word root.

id -u比whoami好得多,因为像android这样的系统可能无法提供词根。

Example:

例子:

# whoami
whoami
whoami: unknown uid 0

#12


2  

One simple way to make the script only runnable by root is to start the script with the line:
#!/bin/su root

一个简单的方法,使脚本只可运行的根是开始脚本的一行:#!/bin/su根

#13


0  

Check for root, exit if fails:

检查根,退出如果失败:

    func_check_for_root() {
        if [ ! $( id -u ) -eq 0 ]; then
            echo "ERROR: $0 Must be run as root, Script terminating" ;exit 7
        fi
    }
    func_check_for_root

Then there is also whoami and 'who am i', if you want to know who called a script verses who is currently running a script:

如果你想知道谁说的是谁在运行一个脚本,那么还有whoami和“我是谁”。

    it@it-ThinkPad-W510:~$ who am i
    it       pts/19       2014-06-03 12:39 (:0.0)
    it@it-ThinkPad-W510:~$ sudo who am i
    [sudo] password for it: 
    it       pts/19       2014-06-03 12:39 (:0.0)

(see that even with sudo called it gives the users id)

(请注意,即使使用sudo,它也提供了用户id)

    it@it-ThinkPad-W510:~$ sudo whoami
    root

Hence,

因此,

    if [ "$(whoami)" == "user" ]; then
                echo "Executing the installer script"

    else
                echo "user is only allowed to execute the installer script"
    fi