Sfdwhf

Square Root Distance from Integers

Boss asked me to sign a resignation paper without a date on it along with my new contract

What is the difference between "...", '...', $'...', and $"..." quotes?

In harmony: key or the flow?

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

Does Skippy chunky peanut butter contain trans fat?

Is there a way to not have to poll the UART of an AVR?

What species should be used for storage of human minds?

Renting a 2CV in France

Coworker asking me to not bring cakes due to self control issue. What should I do?

Which RAF squadrons and aircraft types took part in the bombing of Berlin on the 25th of August 1940?

How to politely refuse in-office gym instructor for steroids and protein

What senses are available to a corpse subjected to a Speak with Dead spell?

Integration of two exponential multiplied by each other

Equivalent of "illegal" for violating civil law

How would an AI self awareness kill switch work?

Is there any danger of my neighbor having my wife's signature?

Plausible reason for gold-digging ant

Why do neural networks need so many training examples to perform?

When obtaining gender reassignment/plastic surgery overseas, is an emergency travel document required to return home?

What's the oldest plausible frozen specimen for a Jurassic Park style story-line?

Book where a space ship journeys to the center of the galaxy to find all the stars had gone supernova

Why did Luke use his left hand to shoot?

Does it take energy to move something in a circle?

Bash: sudo -S

What's the difference between <<, <<< and < < in bash?How to get dialog box input directed to a variable?sudo: source: command not foundBash script using `sudo` runs correctly from cli but not when clicked to runReset History inside a bash scriptRun sudo command within directoryWhy is my default shell from /etc/passwd not started by terminals in a Unity session?Get back default /bin/bashBash script not recordingCannot launch gimpsudo, problems with terminal emulator excepting my pass wordCant start session at login screen

0

I'm trying to use sudo with -S to issue the password via command line.

$ sudo -S <<< "mypassword" command

This works, but it doesn't allow for interactive commands. Like nano for example:

$ sudo -S <<< "mypassword" nano /tmp/foo

It automatically closes the nano session. Same with apt-get:

$ sudo -S <<< "mypassword" apt-get install foo

It closes before I can press "y" to install foo. I know I can pass -y with apt but overall, this is frustrating.

Also tried stuff like this, but it still fails to engage with interactive session:

$ sudo -S <<< "mypassword" -H -u root bash -c "apt-get install foo"

Is it possible to use -S with sudo without cancelling all interactive shells?

command-line bash sudo redirect

share|improve this question

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Since with -S you're telling sudo to read from stdin, effectively blocking the child command's access to stdin. Why do you want to use -S and not a NOPASSWD rule?
  
  – Olorin
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Just to point out the obvious, passing passwords in such way is bad idea for security reasons. Passwords can be intercepted and they get stored into shell's history as well. See security.stackexchange.com/a/184158/121824
  
  – Sergiy Kolodyazhnyy
  1 hour ago
  

  
  
  
  

add a comment | 

0

I'm trying to use sudo with -S to issue the password via command line.

$ sudo -S <<< "mypassword" command

This works, but it doesn't allow for interactive commands. Like nano for example:

$ sudo -S <<< "mypassword" nano /tmp/foo

It automatically closes the nano session. Same with apt-get:

$ sudo -S <<< "mypassword" apt-get install foo

It closes before I can press "y" to install foo. I know I can pass -y with apt but overall, this is frustrating.

Also tried stuff like this, but it still fails to engage with interactive session:

$ sudo -S <<< "mypassword" -H -u root bash -c "apt-get install foo"

Is it possible to use -S with sudo without cancelling all interactive shells?

command-line bash sudo redirect

share|improve this question

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Since with -S you're telling sudo to read from stdin, effectively blocking the child command's access to stdin. Why do you want to use -S and not a NOPASSWD rule?
  
  – Olorin
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Just to point out the obvious, passing passwords in such way is bad idea for security reasons. Passwords can be intercepted and they get stored into shell's history as well. See security.stackexchange.com/a/184158/121824
  
  – Sergiy Kolodyazhnyy
  1 hour ago
  

  
  
  
  

add a comment | 

I'm trying to use sudo with -S to issue the password via command line.

$ sudo -S <<< "mypassword" command

This works, but it doesn't allow for interactive commands. Like nano for example:

$ sudo -S <<< "mypassword" nano /tmp/foo

It automatically closes the nano session. Same with apt-get:

$ sudo -S <<< "mypassword" apt-get install foo

It closes before I can press "y" to install foo. I know I can pass -y with apt but overall, this is frustrating.

Also tried stuff like this, but it still fails to engage with interactive session:

$ sudo -S <<< "mypassword" -H -u root bash -c "apt-get install foo"

Is it possible to use -S with sudo without cancelling all interactive shells?

command-line bash sudo redirect

share|improve this question

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

$ sudo -S <<< "mypassword" command

$ sudo -S <<< "mypassword" nano /tmp/foo

$ sudo -S <<< "mypassword" apt-get install foo

$ sudo -S <<< "mypassword" -H -u root bash -c "apt-get install foo"

share|improve this question

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

share|improve this question

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

edited 22 mins ago

Sergiy Kolodyazhnyy

73.1k9153317

asked 4 hours ago

LauraLaura

535

asked 4 hours ago

LauraLaura

535

1 Answer
1

active

oldest

votes

0

File descriptors are inherited

What you're using is <<< aka here-string, and that type of redirection is implemented via temporary files that are immediately unlinked (aka deleted). Knowing also that processes inherit file descriptors (and stdin among them) from parent to child, when sudo -S is performed, it reads its input from the temporary file that your original shell has passed to it (the one that reads sudo -S command). You can see that in action:

$ sudo -S bash -c 'ls -l /proc/self/fd/0' <<< "mypasswd"

lr-x------ 1 root root 64 Feb 26 13:12 /proc/self/fd/0 -> '/tmp/sh-thd.cUOOXU (deleted)'

Thus, nano reports Too many errors from stdin error in such case. What can be done is to manually re-wire where stdin is coming from.

$ sudo -S bash -c 'exec < /dev/tty; nano /tmp/foobar' <<< "mypasswd"



$ sudo -S bash -c 'nano /tmp/foobar < /dev/tty' <<< "mypasswd"

Either of the two commands will lauch nano properly and other commands as well. /dev/tty is the special file representing current terminal device, and it is effectively the same thing as stdin of "normal" interactive shell (and of course I am oversimplifying that statement).

Another variation on the theme is $ sudo -S bash -c 'nano /tmp/foobar 0>&1' <<<"mypasswd". stdout effectively points to the same terminal device (unless you've explicitly provided a redirection to have stdout point somewhere else). Thus, if we make stdin point to be the duplicate of stdout, it's effectively the same solution as above. (And if you're wondering why I highlighted dup part, that's because dup2() syscall is the one responsible for all the juggling of file descriptors under the hood)

---

Caution

However, note that I don't encourage using sudo -S in interactive shell, since passwords will remain in shell's history

$ sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

^C

$ history 2

 2016  sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

 2017  history 2

sudo -S is more appropriate for use with other processes, where sudo -S would expect input via pipeline, ideally from zenity --password or dialog --passwordbox "foobar text" 200 200 (see extra1 and extra2 about dialog).

share|improve this answer

edited 23 mins ago

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1121283%2fbash-sudo-s-mypassword-interactive-shell-issue%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

File descriptors are inherited

What you're using is <<< aka here-string, and that type of redirection is implemented via temporary files that are immediately unlinked (aka deleted). Knowing also that processes inherit file descriptors (and stdin among them) from parent to child, when sudo -S is performed, it reads its input from the temporary file that your original shell has passed to it (the one that reads sudo -S command). You can see that in action:

$ sudo -S bash -c 'ls -l /proc/self/fd/0' <<< "mypasswd"

lr-x------ 1 root root 64 Feb 26 13:12 /proc/self/fd/0 -> '/tmp/sh-thd.cUOOXU (deleted)'

Thus, nano reports Too many errors from stdin error in such case. What can be done is to manually re-wire where stdin is coming from.

$ sudo -S bash -c 'exec < /dev/tty; nano /tmp/foobar' <<< "mypasswd"



$ sudo -S bash -c 'nano /tmp/foobar < /dev/tty' <<< "mypasswd"

Either of the two commands will lauch nano properly and other commands as well. /dev/tty is the special file representing current terminal device, and it is effectively the same thing as stdin of "normal" interactive shell (and of course I am oversimplifying that statement).

Another variation on the theme is $ sudo -S bash -c 'nano /tmp/foobar 0>&1' <<<"mypasswd". stdout effectively points to the same terminal device (unless you've explicitly provided a redirection to have stdout point somewhere else). Thus, if we make stdin point to be the duplicate of stdout, it's effectively the same solution as above. (And if you're wondering why I highlighted dup part, that's because dup2() syscall is the one responsible for all the juggling of file descriptors under the hood)

---

Caution

However, note that I don't encourage using sudo -S in interactive shell, since passwords will remain in shell's history

$ sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

^C

$ history 2

 2016  sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

 2017  history 2

sudo -S is more appropriate for use with other processes, where sudo -S would expect input via pipeline, ideally from zenity --password or dialog --passwordbox "foobar text" 200 200 (see extra1 and extra2 about dialog).

share|improve this answer

edited 23 mins ago

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

add a comment | 

0

File descriptors are inherited

What you're using is <<< aka here-string, and that type of redirection is implemented via temporary files that are immediately unlinked (aka deleted). Knowing also that processes inherit file descriptors (and stdin among them) from parent to child, when sudo -S is performed, it reads its input from the temporary file that your original shell has passed to it (the one that reads sudo -S command). You can see that in action:

$ sudo -S bash -c 'ls -l /proc/self/fd/0' <<< "mypasswd"

lr-x------ 1 root root 64 Feb 26 13:12 /proc/self/fd/0 -> '/tmp/sh-thd.cUOOXU (deleted)'

Thus, nano reports Too many errors from stdin error in such case. What can be done is to manually re-wire where stdin is coming from.

$ sudo -S bash -c 'exec < /dev/tty; nano /tmp/foobar' <<< "mypasswd"



$ sudo -S bash -c 'nano /tmp/foobar < /dev/tty' <<< "mypasswd"

Either of the two commands will lauch nano properly and other commands as well. /dev/tty is the special file representing current terminal device, and it is effectively the same thing as stdin of "normal" interactive shell (and of course I am oversimplifying that statement).

Another variation on the theme is $ sudo -S bash -c 'nano /tmp/foobar 0>&1' <<<"mypasswd". stdout effectively points to the same terminal device (unless you've explicitly provided a redirection to have stdout point somewhere else). Thus, if we make stdin point to be the duplicate of stdout, it's effectively the same solution as above. (And if you're wondering why I highlighted dup part, that's because dup2() syscall is the one responsible for all the juggling of file descriptors under the hood)

---

Caution

However, note that I don't encourage using sudo -S in interactive shell, since passwords will remain in shell's history

$ sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

^C

$ history 2

 2016  sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

 2017  history 2

sudo -S is more appropriate for use with other processes, where sudo -S would expect input via pipeline, ideally from zenity --password or dialog --passwordbox "foobar text" 200 200 (see extra1 and extra2 about dialog).

share|improve this answer

edited 23 mins ago

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

add a comment | 

File descriptors are inherited

What you're using is <<< aka here-string, and that type of redirection is implemented via temporary files that are immediately unlinked (aka deleted). Knowing also that processes inherit file descriptors (and stdin among them) from parent to child, when sudo -S is performed, it reads its input from the temporary file that your original shell has passed to it (the one that reads sudo -S command). You can see that in action:

$ sudo -S bash -c 'ls -l /proc/self/fd/0' <<< "mypasswd"

lr-x------ 1 root root 64 Feb 26 13:12 /proc/self/fd/0 -> '/tmp/sh-thd.cUOOXU (deleted)'

Thus, nano reports Too many errors from stdin error in such case. What can be done is to manually re-wire where stdin is coming from.

$ sudo -S bash -c 'exec < /dev/tty; nano /tmp/foobar' <<< "mypasswd"



$ sudo -S bash -c 'nano /tmp/foobar < /dev/tty' <<< "mypasswd"

Either of the two commands will lauch nano properly and other commands as well. /dev/tty is the special file representing current terminal device, and it is effectively the same thing as stdin of "normal" interactive shell (and of course I am oversimplifying that statement).

Another variation on the theme is $ sudo -S bash -c 'nano /tmp/foobar 0>&1' <<<"mypasswd". stdout effectively points to the same terminal device (unless you've explicitly provided a redirection to have stdout point somewhere else). Thus, if we make stdin point to be the duplicate of stdout, it's effectively the same solution as above. (And if you're wondering why I highlighted dup part, that's because dup2() syscall is the one responsible for all the juggling of file descriptors under the hood)

---

Caution

However, note that I don't encourage using sudo -S in interactive shell, since passwords will remain in shell's history

$ sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

^C

$ history 2

 2016  sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

 2017  history 2

sudo -S is more appropriate for use with other processes, where sudo -S would expect input via pipeline, ideally from zenity --password or dialog --passwordbox "foobar text" 200 200 (see extra1 and extra2 about dialog).

share|improve this answer

edited 23 mins ago

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

$ sudo -S bash -c 'ls -l /proc/self/fd/0' <<< "mypasswd"

lr-x------ 1 root root 64 Feb 26 13:12 /proc/self/fd/0 -> '/tmp/sh-thd.cUOOXU (deleted)'

$ sudo -S bash -c 'exec < /dev/tty; nano /tmp/foobar' <<< "mypasswd"



$ sudo -S bash -c 'nano /tmp/foobar < /dev/tty' <<< "mypasswd"

$ sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

^C

$ history 2

 2016  sudo -S bash -c 'sleep 3m' <<< "ohnomypassword"

 2017  history 2

share|improve this answer

edited 23 mins ago

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317

answered 52 mins ago

Sergiy KolodyazhnyySergiy Kolodyazhnyy

73.1k9153317