How to Run Shell Scripts with Sudo Command in Linux

sudo is a powerful command line tool that enables a “permitted user” to run a command as another user (the superuser by default), as defined by a security policy. On most if not all Linux systems, the security policy is driven by the /etc/sudoers file.

Read Also: 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux

Therefore, to run a shell script or program as root, you need to use sudo command. However, sudo only recognizes and runs commands that exist in directories specified in the secure_path in the /etc/sudoers, unless a command is present in the secure_path, you’ll counter an error such as the one below.

This will happen even if the script exists in a directory in the PATH environmental variable, because when a user invokes sudo, PATH is replaced with secure_path.

$ echo  $PATH
$ ls  -l
$ sudo proconport.sh 80
Sudo Error While Running Script
Sudo Error While Running Script

In the above scenario, the directory /home/aaronkilik/bin is in the PATH environment variable and we are trying to run the script /home/aaronkilik/bin/proconport.sh (finds process listening on a port) with root privileges.

Then we encountered the error “sudo: proconport.sh: command not found”, since /home/aaronkilik/bin is not in the sudo secure_path as shown in next screenshot.

Check Sudo Secure Path
Check Sudo Secure Path

To fix this, we need to add the directory containing our scripts in the sudo secure_path by using the visudo command by editing /etc/sudoers file as follows.

$ sudo visudo

Attention: This method has serious security implications especially on servers running on the Internet. This way, we risk exposing our systems to various attacks, because an attacker who manages to gain access to an unsecure (without superuser privileges) directory that has been added to secure_path, can run a malicious script/program with sudo command.

For security reason, do check out the following article from the sudo website explains a vulnerability relating to secure_path: https://www.sudo.ws/sudo/alerts/secure_path.html

Preferably, we can provide the absolute path to a script while running it with sudo:

$ sudo ./proconport.sh 80
Run Script Using Sudo Command
Run Script Using Sudo Command

That’s It! You may follow list of articles about sudo command:

  1. How to Run ‘sudo’ Command Without Entering a Password in Linux
  2. How to Keep ‘sudo’ Password Timeout Session Longer in Linux
  3. How to Fix “Username is not in the sudoers file. This incident will be reported” in Ubuntu
  4. Let Sudo Insult You When You Enter Incorrect Password

If you have any questions or thoughts concerning this article, share with us via the comment form below.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

5 Comments

Leave a Reply
  1. Sure would have been nice to include *HOW* to “edit with visudo” in this tutorial.

    The program seems to have zero instructions, and most folks will have never used it before.

    Reply
  2. I seem to always turn to tecmint for just about everything. Thanks for all you do. This has become my main go to site.

    Reply
  3. Thanks – I learned something today. :)

    However, hoping you might be able to advise why this occurs?

    $ sudo cat /etc/sudoers | grep secure_path
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    $ sudo echo $secure_path
    

    No output? Shouldn’t $secure_path be set?

    Reply
    • @Jon

      secure_path is a configuration option for sudo command not the shell environment. The directories in it can only be viewed or set by opening the /etc/sudoers file.

      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.