How to Run Shell Scripts with Sudo Command in Linux

sudo is a powerful command line tool that enables a “permitted user” to run a command as another user (the superuser by default), as defined by a security policy. On most if not all Linux systems, the security policy is driven by the /etc/sudoers file.

Read Also: 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux

Therefore, to run a shell script or program as root, you need to use sudo command. However, sudo only recognizes and runs commands that exist in directories specified in the secure_path in the /etc/sudoers, unless a command is present in the secure_path, you’ll counter an error such as the one below.

This will happen even if the script exists in a directory in the PATH environmental variable, because when a user invokes sudo, PATH is replaced with secure_path.

$ echo  $PATH
$ ls  -l
$ sudo proconport.sh 80
Sudo Error While Running Script

Sudo Error While Running Script

In the above scenario, the directory /home/aaronkilik/bin is in the PATH environment variable and we are trying to run the script /home/aaronkilik/bin/proconport.sh (finds process listening on a port) with root privileges.

Then we encountered the error “sudo: proconport.sh: command not found”, since /home/aaronkilik/bin is not in the sudo secure_path as shown in next screenshot.

Check Sudo Secure Path

Check Sudo Secure Path

To fix this, we need to add the directory containing our scripts in the sudo secure_path by using the visudo command by editing /etc/sudoers file as follows.

$ sudo visudo

Attention: This method has serious security implications especially on servers running on the Internet. This way, we risk exposing our systems to various attacks, because an attacker who manages to gain access to an unsecure (without superuser privileges) directory that has been added to secure_path, can run a malicious script/program with sudo command.

For security reason, do check out the following article from the sudo website explains a vulnerability relating to secure_path: https://www.sudo.ws/sudo/alerts/secure_path.html

Preferably, we can provide the absolute path to a script while running it with sudo:

$ sudo ./proconport.sh 80
Run Script Using Sudo Command

Run Script Using Sudo Command

That’s It! You may follow list of articles about sudo command:

  1. How to Run ‘sudo’ Command Without Entering a Password in Linux
  2. How to Keep ‘sudo’ Password Timeout Session Longer in Linux
  3. How to Fix “Username is not in the sudoers file. This incident will be reported” in Ubuntu
  4. Let Sudo Insult You When You Enter Incorrect Password

If you have any questions or thoughts concerning this article, share with us via the comment form below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

4 Responses

  1. Kelly Clarke says:

    I seem to always turn to tecmint for just about everything. Thanks for all you do. This has become my main go to site.

  2. Jon says:

    Thanks – I learned something today. :)

    However, hoping you might be able to advise why this occurs?

    $ sudo cat /etc/sudoers | grep secure_path
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    $ sudo echo $secure_path
    

    No output? Shouldn’t $secure_path be set?

    • Aaron Kili says:

      @Jon

      secure_path is a configuration option for sudo command not the shell environment. The directories in it can only be viewed or set by opening the /etc/sudoers file.

Leave a Reply to Kelly Clarke Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.