Sometime it is necessary to find out if a shell script is being run as root user or not.
When user account created a user ID is assigned to each user. BASH shell stores the user ID in $UID variable. Your effective user ID is stored in $EUID variable. You can
Old way…
You can easily add a simple check at the start of a script:
Check the script is being run by root user
#!/bin/bash # Init FILE="/tmp/out.$$" GREP="/bin/grep" #.... # Make sure only root can run our script if [ "$(id -u)" != "0" ]; then echo "This script must be run as root" 1>&2 exit 1 fi # ...
New way: Using EUID
#!/bin/bash # Init FILE="/tmp/out.$$" GREP="/bin/grep" #.... # Make sure only root can run our script if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi # ...
Mount /dev/sdb1 only if you are a root
#!/bin/bash if [[ $EUID -ne 0 ]]; then echo "You must be a root user" 2>&1 exit 1 else mount /dev/sdb1 /mnt/disk2 fi
Updated for accuracy and more examples.
🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 23 comments... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
You help me with a script. Thank you!
Please fix this, it does not account for SUDO. $(id -u)
I stand corrected.. I guess you have explained it in comments …
/bin/bash is wrong here.
please use #!/usr/bin/env bash or #!/bin/sh
A simpler one-liner:
(( EUID )) && echo ‘You need to be root.’ && exit 1
There are differences between shells and sub shells and also when you are running some commands directly in a shell and from a bash script.
Vivek can you explain me why last command return my normal-user EUID ? Correct me if I wrong, but “sudo ./test.sh†is executing the same command as last one (“sudo echo $EUIDâ€) so why test.sh is returning root`s EUID ?
It is clear, isnt it?
the $EUID will be examined _before_ it is processed via sudo. You pass echo 1000 to sudo, that what it does.
– me
Hello Everyone,
Firstly, great blog!
Secondly:
break@breakdown:~$ ./test.sh
1000
1000
break@breakdown:~$ sudo ./test.sh
0
0
break@breakdown:~$ echo $EUID
1000
break@breakdown:~$ sudo echo $EUID
1000
Vivek can you explain me why last command return my normal-user EUID ? Correct me if I wrong, but “sudo ./test.sh” is executing the same command as last one (“sudo echo $EUID”) so why test.sh is returning root`s EUID ?
OS: Debian Squeeze
the problem with the last command is that $EUID is evaluated before sudo is executed. To get the effect you are looking for you would need to do something like:
sudo bash -c ‘echo $EUID’
Typo @ last example:
echo “You must be a root user” 2>&1
exit 1
has to be
echo “You must be a root user” 1>&2
exit 1
cause you want redirect echo’s stdout to stderr (as it is also done in other examples). 🙂
Just used this in one of my scripts.
Thanks Vivek
Big help, thank you!
An yet another bashism…
@hemanth
‘root’ username is not assured. It could be different. id=0 is what is used inside the kernel to identify the superuser (aka root)
I was using this : [[ `id -un` != root ]] && echo You must be root || mount /dev/sdb1 /mnt/disk2
Guys, please help..am a beginner to shell script and lecture gave this assingment:
1 Write a Shell script to automatically check that a specified user is logged in to the
computer.
The program should allow the person running the script to specify the name of the
user to be checked, the frequency in seconds at which the script should check. If a
checking frequency is not specified, it should default to 60 seconds
The script should check for the specified user and if found should output a message
with a “beep†or “bell†sound to the screen stating that the user is logged in. It should
also output a message to a log file stating that the user is logged in and specifying the
date and time.
If the user is not logged in the script should output a message without any “beepâ€
sound to the screen stating that the user is not logged in.
The script should allow a person running the script to specify the user name on the
command line and optionally, a check frequency in seconds and a third argument “qâ€
“q†. If “q†is present as a third argument, The script should omit any output to the
screen or “beep†sound but should log to a log file the message stating that the user is
logged in and giving the time.
The command to run the script would be as follows:
checklogin username 30 q where “checklogin†is the script name, “username†is the
name of the user, “30†is the optional frequency to check in seconds, and “q†is the
optional argument to suppress screen output.
The script should check that the number of arguments supplied is between 1 and 3 and
if it is not, should terminate with an error message showing the correct syntax for the
command.
.
@Diana
You need to put your code into the global .bashrc file, /etc/bashrc. This will become the default .bashrc. Beware though, if you make a user specific bashrc then you need to import the global bashrc
@ terry
The script works as expected.
I think it’s worth mentioning that $UID & $EUID will not return the desired result if you use sudo to run the script, id -u does however.
Hi,
if you want to redirect a message to stderr using echo you have to use “1>&2” instead of “2>&1”.
For example,
~ >> f(){
> echo “to stdout” 2>&1
> echo “to stderr” 1>&2
> }
~ >> f 2>/dev/null
to stdout #this is printed to stdout
~ >>
bye
may be it was the wrong place to post this.Please help me,
I would like to send mail for each success login.i tried with this,
and place this in /root/.bashrc
#!/bin/bash
echo `last $i | head -1 | awk ‘{print $1″ “$3” “$4” “$5” “$6” “$7}’`|while read output;
do
echo $output
ip=$(echo $output | awk ‘{print $2}’ )
on=$(echo $output | awk ‘{print $3” “$4” “$5}’ )
at=$(echo $output | awk ‘{print $6’} )
echo “User logged in from $ip on $on at $at”|mail -s “Alert: user logged in to server $(hostname) from $ip” ephrondiana@gmail.com
done
but its sending mail for root login only,i need to send mail for users login also.Please help me…
Nice suggestion, the post has been updated.
Make error messages go to STDERR (Standard Error) like they do in other Unix programs. That is the best way to do things.
if [ “$(id -u)” != “0” ]; then
echo “This script must be run as root” 2>&1
exit 1
fi