Run script as root at login (no sudoer user, shell session)

Much like /etc/profile and ~/.profile, but run by root instead of by the user who is logging in. /etc/rc.local runs after boot, but I need to run the script before login. The user is not a sudoer.

Thanks!


Just to go back to the sudoers method, I think you were almost there before you gave up. Looking at your latest comments, I'd just like to address something that will probably fix things for you:

If you run a script as root, you don't need to call sudo from within it.

I have a script like this:

#! /bin/bash

echo $USER
whoami

If I run sudo ./myscript I see root returned for both those. The session that script is running in is a root shell.

In short that means that everything you do in your script already has root permissions. You don't need to call sudo (not that it should hurt - root usually has sudo permissions).

So write your script, chown it to root and chmod it to 700 (so only root can run, read, or edit it) and then just allow your user[s] to run it through sudoers. That should work.

If it's not working, it's likely a bigger issue with the script, not the permissions framework. I'd suggest giving a user full sudo access (adding to admin group is the easiest way) and then running your script.
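The ownership and mode advice in the answer above (owned by root, mode 700), written as a check that can be run before the script is added to sudoers. This is an added example, not part of the original answer; the function name and its OWNER_UID and TOP_DIR arguments are assumptions of the example. It goes one step beyond the answer by also examining the parent directories, since a directory that a non-root user can write to lets that user replace the file.

```bash
#!/bin/bash
# Added example. check_root_script PATH [OWNER_UID] [TOP_DIR]
#   OWNER_UID  uid that must own the script (default 0, i.e. root)
#   TOP_DIR    highest ancestor directory to examine (default /)
# Both optional arguments are assumptions of this example, so the check can
# be tried without root. Findings go to stderr; returns 0 only if clean.
check_root_script() {
    local path="$1" owner="${2:-0}" top="${3:-/}" rc=0 real dir uid mode
    # Resolve symlinks first: what matters is where the file really lives.
    real=$(readlink -f -- "$path") && [ -f "$real" ] || {
        echo "$path: does not resolve to a regular file" >&2; return 1; }
    top=$(readlink -f -- "$top")

    uid=$(stat -c %u -- "$real"); mode=$(stat -c %a -- "$real")
    [ "$uid" = "$owner" ] || { echo "$real: owner uid $uid, want $owner" >&2; rc=1; }
    # 700: only the owner can run, read, or edit the script.
    [ "$mode" = 700 ] || { echo "$real: mode $mode, want 700" >&2; rc=1; }

    # Whoever can write to a parent directory can replace the file, so each
    # ancestor must belong to root or OWNER_UID and must not be writable by
    # group or other (sticky directories such as /tmp are accepted).
    dir=$(dirname -- "$real")
    while :; do
        uid=$(stat -c %u -- "$dir"); mode=$(stat -c %a -- "$dir")
        if [ "$uid" != 0 ] && [ "$uid" != "$owner" ]; then
            echo "$dir: owned by uid $uid" >&2; rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
            echo "$dir: mode $mode is writable by group or other" >&2; rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return "$rc"
}

# Typical use before adding a sudoers entry (the path is a placeholder):
#   check_root_script /usr/local/sbin/myscript || echo "fix permissions first"
```

Because symlinks are resolved first, a link in /usr/local/sbin that points at a script in a home directory is judged by the permissions of the home directory copy.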


Step 1. create a script with the bind command using any editor. For example:

sudo emacs bind_user_directories.sh

contents:

#!/bin/bash

#NOTE: this file would be placed in /usr/local/sbin/ folder as bind_user_directories.sh
#alternatively it could be placed in /etc/init.d/ ... (I guess)

### BEGIN INIT INFO
# Provides:          bind_user_directories
# Required-Start:    
# Required-Stop:     
# Should-Start:      $named
# Default-Start:     0 2 3 4 5 6 (I guess...)
# Default-Stop:      1
# Short-Description: mount --bind for a user
# Description:       runs mount --bind command for certain pre-defined directories for a specific user
### END INIT INFO

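# Load the LSB helper functions (log_progress_msg, log_success_msg) used below.
. /lib/lsb/init-functions

# What is this?
DESC="bind_user_directories"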

# See how we were called.
case "$1" in

    start)
        log_progress_msg "bind directories for user..."
        sudo mount --bind /source/path /target/path
        log_progress_msg "done: bind directories for user"
        ;;

    stop)
        log_progress_msg "umount --bind directories for user..."
        sudo umount /target/path
        log_progress_msg "done: unbind directories for user"
        ;;

    restart)
        $0 stop
        sleep 1
        $0 start
        ;;

    *)
        #log_success_msg "Usage: bind_user_directories {start|stop|restart}"
        log_success_msg "Usage: service bind_user_directories <start|stop|restart>"
        exit 1
        ;;
esac

exit 0

Step 2. save bind_user_directories.sh and make it executable:

chmod a+x bind_user_directories.sh

Step 3. link it to a suitable location such as /usr/local/sbin:

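# Use an absolute target; a relative one would be resolved inside /usr/local/sbin and point at itself.
sudo ln -s "$(pwd)/bind_user_directories.sh" /usr/local/sbin/bind_user_directories.sh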

Step 4. create the upstart script:

sudo emacs /etc/init/bind_user_directories.conf

contents:

description "runs mount --bind command for certain pre-defined directories for a specific user"

start on filesystem and net-device-up IFACE!=lo

stop on runlevel [!023456]
console output
respawn
respawn limit 10 5

exec /usr/local/sbin/bind_user_directories.sh start

If this works for you, please let me know. You can check the system log for messages after logging in. (I didn't test it yet and I have never implemented anything like this before.) If you improve on the solution, please share your final solution here. Thanks.