How do I run a sudo command needing password input in the background?
I have recently disabled sudo
's authentication caching ability so that it now prompts me for a password every time.
And though this is good for security, it has caused one slight problem which I haven't been able to figure out a solution for, I am unable to run commands which go along the lines of:
sudo <command> &
In the past I would have run a sudo
command before that, it would have cached my password and allowed me to run sudo
commands without prompt for the next few minutes, and thus it would allow me to run the command.
But when I run it now as there is no caching before hand and as it starts a new thread immediately and sudo
doesn't even prompt me for a password, I am unable to run it in this way.
So unless I run sudo -i
before it I am unable to run a command in this format which is becoming rather annoying.
So I was wondering if there is any way to get around this and still run programs and commands in this way?
I am running Ubuntu GNOME 15.10 with GNOME 3.18, and specifically the program I want to run in this fashion is etherape
if that makes any difference, but I would really like the solution to work for all programs and commands.
Solution 1:
Instead of running sudo
in the background, tell sudo
to run the command in the background. From man sudo
:
-b, --background
Run the given command in the background. Note that it is not
possible to use shell job control to manipulate background
processes started by sudo. Most interactive commands will
fail to work properly in background mode.
For example:
sudo -b sleep 10
Another way would be to just use a shell to run the command:
sudo sh -c 'sleep 10 &'
Another option would to specify a graphical program for obtaining the password, and send sudo
to the background anyway:
-A, --askpass
Normally, if sudo requires a password, it will read it from
the user's terminal. If the -A (askpass) option is
specified, a (possibly graphical) helper program is executed
to read the user's password and output the password to the
standard output. If the SUDO_ASKPASS environment variable is
set, it specifies the path to the helper program. Otherwise,
if sudo.conf(5) contains a line specifying the askpass
program, that value will be used. For example:
# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass
If no askpass program is available, sudo will exit with an
error.
Askpass programs are typically used for SSH. One such is provided by the ssh-askpass-gnome
package, which is installed by default, at least on Ubuntu 15.10.
SUDO_ASKPASS=/usr/bin/ssh-askpass sudo -A sleep 10 &
Solution 2:
If you're willing to set timestamp_timeout
to at least something like 0.02
(1.2 seconds, I'd say just as safe as 0
) in /etc/sudoers
(needed in your case, but with the default settings or with timestamp_timeout
set to anything but 0
one may just do the following), you could set an alias like this one in ~/.bashrc
, which won't require you to remember to do something before running the command and which will allow you to keep the control of the process.:
alias sudo='sudo -v; [ $? ] && sudo'
The trick here is the semicolon, which will make Bash parse sudo -v
first and separately, authenticating the user, and limit the potential backgrounding part to the [ $? ] && sudo
command, which will check if sudo -v
was succesful and run sudo
again (potentially backgrounding it) in case it was.
$ alias sudo='sudo -v; [ $? ] && sudo'
$ sudo -H gedit &
[sudo] password for user:
[1] 19966
$ jobs
[1]+ Running [ $? ] && sudo -H gedit &
Solution 3:
You can't. The &
sends the command to the background immediately. That is, a subshell is created in the background and the command is executed there. When that command issues a prompt, as is the case of sudo
, the prompt is displayed in the background and you never see it.
The only way around that is to bring the command back to the foreground, provide the password and send it back to the background. For example:
$ sudo command &
$ fg
sudo command
[sudo] password for terdon:
Now, enter your password, hit Enter and then hit CtrlZ to send it back to the background and bg
to tell it to continue running.
A simpler approach would be to never use &
and, instead, send jobs to the background manually with CtrlZ and bg
after launching them.
Finally, you might want to consider setting sudo's password timeout to something like 1 or 2 seconds. That would still give you enough security (unless you're trying to guard against the Flash) and allow you to run commands like that as expected.