[sf-lug] sudo

Akkana Peck akkana at shallowsky.com
Wed Nov 8 19:20:09 PST 2017


Alex Kleider writes:
> Here is what I have come up with so far:
> 
> #!/bin/bash
> 
> export ap_ip=10.10.10.10
> 
> sudo sh -c 'echo "$ap_ip  library library.lan rachel rachel.lan" >> /etc/hosts'
> 
> This seems to work except for the fact that the variable ap_ip
> does not get inserted, only the other part of the line.

I'm not sure why the export doesn't pass ap_ip through to the su
shell. Seems like that should work, but you're right, it doesn't.
But you could replace the single quotes with double quotes,
and get rid of the inner double quotes:

sudo sh -c "echo $ap_ip  library library.lan rachel rachel.lan >> /etc/hosts"

That won't preserve your extra whitespace. If the whitespace is
important, you could try single-quoting everything except the variable:

sudo sh -c "echo $ap_ip ' library library.lan rachel rachel.lan' >> /etc/hosts"

with an appropriate number of spaces after the first single quote.

This will expand $ap_ip before it passes the string to sh -c,
so make sure $ap_ip can't be set to anything evil. (Of course, that
holds for anything you run from a script and pass to sudo sh -c,
which can open the door to all sorts of fun security holes).

> [1] It so happens that the Raspberry Pi does not ask for a password
> when an sudo command is issued (not sure how that is- not seen it
> on any other Linux system.)

It's because the default "pi" user is in /etc/sudoers with NOPASSWD: ALL.
man sudoers for lots more information on how that works.

        ...Akkana
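
The caution above about $ap_ip being expanded before the string reaches sh -c can be avoided by validating the value and handing it to a constant script as an argument. This is an added example, not part of the original post; the function names and the HOSTS_FILE and SUDO variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. The function names and the
# HOSTS_FILE / SUDO variables are assumptions made for illustration.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
SUDO="${SUDO-sudo}"   # set SUDO= (empty) to try this on a scratch file

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: add_hosts_entry IP NAME [NAME...]
add_hosts_entry() {
    [ "$#" -ge 2 ] || { echo "usage: add_hosts_entry IP NAME..." >&2; return 1; }
    entry_ip=$1
    shift
    is_ipv4 "$entry_ip" || { echo "refusing address: $entry_ip" >&2; return 1; }
    for name in "$@"; do
        case "$name" in
            ''|*[!A-Za-z0-9.-]*) echo "refusing hostname: $name" >&2; return 1 ;;
        esac
    done
    # The script text is a constant single-quoted string. The file, address
    # and names reach the root shell as positional parameters, so they are
    # treated as data and never parsed as shell code. Passing them this way
    # also sidesteps sudo's default env_reset, which drops exported variables.
    $SUDO sh -c 'f=$1 ip=$2; shift 2; printf "%s  %s\n" "$ip" "$*" >> "$f"' \
        sh "$HOSTS_FILE" "$entry_ip" "$@"
}
```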


