How do I run a sudo command needing password input in the background?

I have recently disabled sudo's authentication caching ability so that it now prompts me for a password every time.

And though this is good for security, it has caused one slight problem which I haven't been able to figure out a solution for, I am unable to run commands which go along the lines of:

sudo <command> &

In the past I would have run a sudo command before that, it would have cached my password and allowed me to run sudo commands without prompt for the next few minutes, and thus it would allow me to run the command.
But when I run it now as there is no caching before hand and as it starts a new thread immediately and sudo doesn't even prompt me for a password, I am unable to run it in this way.

So unless I run sudo -i before it I am unable to run a command in this format which is becoming rather annoying.
So I was wondering if there is any way to get around this and still run programs and commands in this way?

I am running Ubuntu GNOME 15.10 with GNOME 3.18, and specifically the program I want to run in this fashion is etherape if that makes any difference, but I would really like the solution to work for all programs and commands.


Solution 1:

Instead of running sudo in the background, tell sudo to run the command in the background. From man sudo:

-b, --background
     Run the given command in the background.  Note that it is not
     possible to use shell job control to manipulate background
     processes started by sudo.  Most interactive commands will
     fail to work properly in background mode.

For example:

sudo -b sleep 10

Another way would be to just use a shell to run the command:

sudo sh -c 'sleep 10 &'

Another option would to specify a graphical program for obtaining the password, and send sudo to the background anyway:

-A, --askpass
     Normally, if sudo requires a password, it will read it from
     the user's terminal.  If the -A (askpass) option is
     specified, a (possibly graphical) helper program is executed
     to read the user's password and output the password to the
     standard output.  If the SUDO_ASKPASS environment variable is
     set, it specifies the path to the helper program.  Otherwise,
     if sudo.conf(5) contains a line specifying the askpass
     program, that value will be used.  For example:

         # Path to askpass helper program
         Path askpass /usr/X11R6/bin/ssh-askpass

     If no askpass program is available, sudo will exit with an
     error.

Askpass programs are typically used for SSH. One such is provided by the ssh-askpass-gnome package, which is installed by default, at least on Ubuntu 15.10.

SUDO_ASKPASS=/usr/bin/ssh-askpass sudo -A sleep 10 &

Solution 2:

If you're willing to set timestamp_timeout to at least something like 0.02 (1.2 seconds, I'd say just as safe as 0) in /etc/sudoers (needed in your case, but with the default settings or with timestamp_timeout set to anything but 0 one may just do the following), you could set an alias like this one in ~/.bashrc, which won't require you to remember to do something before running the command and which will allow you to keep the control of the process.:

alias sudo='sudo -v; [ $? ] && sudo'

The trick here is the semicolon, which will make Bash parse sudo -v first and separately, authenticating the user, and limit the potential backgrounding part to the [ $? ] && sudo command, which will check if sudo -v was succesful and run sudo again (potentially backgrounding it) in case it was.

$ alias sudo='sudo -v; [ $? ] && sudo'
$ sudo -H gedit &
[sudo] password for user:
[1] 19966
$ jobs
[1]+  Running                 [ $? ] && sudo -H gedit &

Solution 3:

You can't. The & sends the command to the background immediately. That is, a subshell is created in the background and the command is executed there. When that command issues a prompt, as is the case of sudo, the prompt is displayed in the background and you never see it.

The only way around that is to bring the command back to the foreground, provide the password and send it back to the background. For example:

$ sudo command &
$ fg
sudo command
[sudo] password for terdon: 

Now, enter your password, hit Enter and then hit CtrlZ to send it back to the background and bg to tell it to continue running.

A simpler approach would be to never use & and, instead, send jobs to the background manually with CtrlZ and bg after launching them.

Finally, you might want to consider setting sudo's password timeout to something like 1 or 2 seconds. That would still give you enough security (unless you're trying to guard against the Flash) and allow you to run commands like that as expected.