Updated 2014-12-28 15:29:49 by dkf

The Unix program sudo[1] allows normal users to run particular programs (or arbitrary ones, depending on configuration) with superuser privileges without having to know the root password; instead, it verifies your own password and then checks whether you are allowed to do what you request. It's an extremely useful tool that helps people administer their systems without the risk of running as root the whole time. — DKF

MAKR 2009-02-25: Sorry, Donal, I cannot leave that uncommented. The understanding as stated above is, well, lets say, a bit limiting... The current description as found on the above referenced website is more open and fits better:
Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

DKF: From a user/scripter perspective, they're the same. The big benefits come from being able to allow users to execute commands in a straight-forward fashion without retaining root perms, and from not needing to tell everyone the root password. The other bits are administrative details.

MAKR: root privileges are not necessarily meant: sudo -u allows to run as another user.

One further sentence with regard to the password. Current Linux distributions setup sudo in a way that it requires the root password!
DKF: Well that's deeply stupid. But which distros are you talking about? (It's also outside the scope of Tcl...)

MAKR: it is - and I know from openSUSE, that they have Defaults targetpw together with ALL ALL=(ALL) ALL which makes sudo almost completely useless ...

Someone is confused about Linux and sudo. Ubuntu Linux configures sudo such that you do not use root at all except by using sudo. There is not really a root user, but only root access which can be gained using sudo.[2] There is no root password, only user passwords.
DKF: That's pretty much the standard way of setting it up. Doing it the other way requires a special dose of stupidity...

Googie wrote: Any idea how to get superuser rights by tcl script? It's easy under expect, but I have to do it in clear tcl (without packages). Well? Thanks

MGS [2003/05/08] - What superuser rights are you after? Superuser execute right? Or superuser file access rights?

Have you tried using 'sudo'? The -S option enables reading password on stdin.

You could use this rough code as a basis:
proc sudo:passwd {pipe} {
   puts "sudo:passwd \[$pipe\]"
   catch {puts $pipe mypass}
   fileevent $pipe writable {}
}
 
proc sudo:read {pipe} {
   puts "sudo:read \[$pipe\]"
   variable $pipe
   upvar  0 $pipe _
   set chars [gets $pipe line]
   puts "  read \[$line\] ($chars chars)"
   append _(stdout) $line\n
   if { [eof $pipe] } {
      puts "  got eof"
      fileevent $pipe readable {}
      fileevent $pipe writable {}
      if { [catch {close $pipe} code] } {
         puts "  Got error closing sudo pipe"
         puts "  \[$::errorCode\] $code"
      } else {
         puts "  Successfully closed sudo pipe"
         puts "  code = \[$code\]"
      }
      set _(done) 1
   }
}
 
proc sudo:run {args} {
   set cmd [eval concat $args]
   puts "cmd = \[$cmd\]"
   set list [concat [list sudo -S] $cmd [list 2>&1]]
   puts "list = \[$list\]"
   if { [catch {open |$list r+} pipe] } {
      puts "\[$::errorCode\] $pipe"
   } else {
      puts "  open returned \[$pipe\]"
      fconfigure $pipe -buffering none -blocking 1
      fileevent  $pipe writable [list sudo:passwd $pipe]
      fileevent  $pipe readable [list sudo:read   $pipe]
   }
   variable $pipe
   upvar  0 $pipe _
   set _(done) 1
   set _(stdout) ""
   set ns [namespace current]
   if { [string equal $ns ::] } { set ns "" }
   return ${ns}::$pipe
}
 
set sudo [sudo:run [list ls -l /root]]
vwait ${sudo}(done)
puts "  sudo = \[$sudo\]"
upvar #0 $sudo array
parray array

Note you'll have to change 'mypass' in sudo:passwd to whatever your password is.

If you're after superuser rights to read protected files, you could always use 'cat' ...

[Tim Jones] [3] and Daniel Steffen [4] [... advice ...]

MAKR (2009-02-24): Keep in mind that if you are using sudo -S, you need to sudo -K before! In a subsequent call sudo may otherwise just pipe the password to stdin of the called program.

Also note that sudo is highly configurable. You should document your expectations, especially if you do not control the environment (privileges, password, prompt, environment variables, etc...).

Category SecurityCategory Unix