Just ran into a situation where I wanted to use su root -c "$*" in a script, but only for certain commands within the script, not all. So I wonder: when needing to use root privileges for several commands within a script that are also in and amongst other commands that you normally wouldn't run as root, is it possible to call a command as a normal user within the quoted string?
e.g.:
#!/bin/sh
set -eu
DIR1=/home/dave/.pkgsrc/
DIR2=/home/dave/.pkgsrc/pkgtools/osabi
DIR3=/home/dave/.pkgsrc/pkgtools/x11-links
su root -c " \
# remove osabi and x11-links before upgrade
pkg_delete osabi-NetBSD-9.2_STABLE x11-links-1.34 ; \
# update pkgsrc
cd $DIR1 && cvs update -dP ; \
# update repositories
pkgin update ; \
# upgrade packages
pkgin -y full-upgrade ; \
# build and install osabi
cd $DIR2 && su dave -c 'make -s' ; \
make install clean distclean clean-depends ; \
# build and install x11-links
cd $DIR3 && su dave -c 'make -s' ; \
make install clean distclean clean-depends ; \
# remove orphan packages and clean pkgin
pkgin -y autoremove && pkgin clean ; \
"
# optionally also update pkgsrc/wip repo as normal user here
cd ~/.pkgsrc/wip && git pull -r
exit
Don't focus on what is actually going on in this script or ask why I'm removing and re-installing osabi and x11-links. What I'd like to know is, how can I run the make -s commands as a normal user within this list of commands being run as root? (I've been told by smarter people that you shouldn't run make as root)
My goal here is to use su root -c "$*" in place of something like sudo or doas and only enter my password once.
Where you could call sudo/doas for each command required to be run as root and still only enter your password once due to their "persistence" setting, with the su method I'd be asked for my password each time.
E.g. is it possible to do something like this...
su root -c " \
run this root command ; \
$(su user -c 'run this command as a user') ; \
run another command as root
"
The alternative is to build persistence into the suas script, which I kinda guess would be more effort than it's worth?
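
The quoting behaviour behind both snippets in the post, as an added example that is not part of the original post: it shows which shell evaluates each construct inside the double-quoted command string. To run without a password it assumes `sh -c` as a stand-in for `su root -c`; the `ROLE` variable and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: `sh -c` stands in for `su root -c` (assumption), so this
# runs without a password. ROLE marks which shell evaluates an expression.
ROLE=caller
export ROLE

# Hypothetical helper: plays the part of `su root -c "$1"`.
as_inner() {
    ROLE=inner sh -c "$1"
}

# Unescaped $(...) inside double quotes: the calling shell runs it while
# building the argument, before the inner shell exists.
unescaped_substitution() {
    as_inner "echo $(printf '%s' "$ROLE")"
}

# Escaped \$(...): the text reaches the inner shell intact and runs there.
escaped_substitution() {
    as_inner "echo \$(printf '%s' \"\$ROLE\")"
}

# A bare $(...) used as a command, as in the second snippet of the post: its
# output is pasted into the string and executed by the inner shell.
output_becomes_command() {
    as_inner "echo start ; $(printf '%s' 'echo run-by-$ROLE') ; echo end"
}

# A single-quoted nested command, as in the first snippet of the post: the
# inner shell launches it in sequence, between the other commands.
nested_command() {
    as_inner "echo start ; sh -c 'echo nested-under-\$ROLE' ; echo end"
}

unescaped_substitution
escaped_substitution
output_becomes_command
nested_command
```

With `su root -c` in place of the stand-in, the third case means that whatever the unprivileged command prints is executed with root's privileges, while the fourth keeps the nested command as a separate step in the sequence.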