Monday, May 21, 2007

Using bash functions under sudo

Update: Now on github

Have you ever done the following?

$ type duk
duk is a function
duk ()
   du -k "$@" | sort -n

$ sudo duk /tmp
sudo: duk: command not found
duk is a function that will show you directory sizes under a given pathname (or the current directory), nicely sorted by size, largest at the bottom just above your next prompt. It's very handy, put it in your .bashrc ;-). sudo doesn't know what to do with "duk" however, since it's not a system command. Therefore, I wrote a function that is a front-end to sudo. It parses the command line you give it, and expands any functions or aliases that you call. For bonus points, it shows you the full command line as the shell receives it before you type your password. Use it as follows:
$ source sudo.bash
$ sudo duk /tmp
/opt/local/bin/sudo -- bash -x -v -c duk ()
   du -k "$@" | sort -n
};"duk" '/tmp'
3648    /tmp/synergy-1.3.1/lib
6184    /tmp/synergy-1.3.1
20128   /tmp/prarora
1294048 /tmp/tmp
5304016 /tmp
Looks like I'll need to do some cleaning up in /tmp. Full source follows. To use it, place a source ~/.sudo.bash (for example) in your .bashrc after copying the code to your ~/.sudo.bash, or copy the full code to your .bashrc. Then, simply use sudo as you would before. This function handles all sudo arguments. There is one extra argument, -x, which expands arguments as you, not as root. This is needed in some corner cases. (Update: New version which no longer uses sed and handles spaces in sudo options!)
# Wrap sudo to handle aliases and functions
# Accepts -x as well as regular sudo options: this expands variables as you not root
# Comments and improvements welcome
# Installing: source this from your .bashrc and set alias sudo=sudowrap
#  You can also wrap it in a script that changes your terminal color, like so:
#  function setclr() {
#    local t=0               
#    SetTerminalStyle $1                
#    shift
#    "$@"
#    t=$?
#    SetTerminalStyle default
#    return $t
#  }
#  alias sudo="setclr sudo sudowrap"
#  If SetTerminalStyle is a program that interfaces with your terminal to set its
#  color.

# Note: This script only handles one layer of aliases/functions.

# If you prefer to call this function sudo, uncomment the following
# line which will make sure it can be called that
#typeset -f sudo >/dev/null && unset sudo

sudowrap () 
    local c="" t="" parse=""
    local -a opt
    #parse sudo args
    while getopts xVhlLvkKsHPSb:p:c:a:u: t; do
        if [ "$t" = x ]; then
            let i++
            if [ "$OPTARG" ]; then
                let i++
    shift $(( $OPTIND - 1 ))
    if [ $# -ge 1 ]; then
        case $(type -t "$c") in 
            echo No such command "$c"
            return 127
            c="$(type "$c")"
            # Strip "... is aliased to `...'"
            c="$(type "$c")"
            # Strip first line
            c="${c#* is a function}"
        if [ -n "$parse" ]; then
            # Quote the rest once, so it gets processed by bash.
            # Done this way so variables can get expanded.
            while [ -n "$1" ]; do
                c="$c \"$1\""
            # Otherwise, quote the arguments. The echo gets an extra
            # space to prevent echo from parsing arguments like -n
            while [ -n "$1" ]; do
                c="$c '$t'"
        echo sudo "${opt[@]}" -- bash -xvc \""$c"\" >&2
        command sudo "${opt[@]}" bash -xvc "$c"
        echo sudo "${opt[@]}" >&2
        command sudo "${opt[@]}"
# Allow sudowrap to be used in subshells
export -f sudowrap


steve said...

I think you might want to add "--" to the du command, like so:

du -k -- "$@" | sort -n

This will stop the script failing on any filename starting with a dash. As an example why one would have a filename with dashes in it, I like to "touch /-i" on important machines as a last ditch effort to catch a haywire "rm -r".

Nice wrapper for sudo!

Wout Mertens said...

Wow, I totally missed this comment. Thanks for those 2 hints, good ones!

FiXato said...

Using this with commands that are completely unavailable for the current user, will not work.
For instance with ifconfig:

$ sudo ifconfig
No such command ifconfig

Simon said...

This is a very cool script. Thanks! :)

Wout Mertens said...

@FiXato: actually if you do that without this function, it would still not work:

sudo: ifconfig: command not found

You need to fully qualify the command or have it in your path, e.g. sudo /sbin/ifconfig.

Mark Nyon said...

Thanks much for this script! Makes using aliases a lot simpler.

serious said...

It's simply excellent, thanks a lot !

Bishop said...
This comment has been removed by the author.
Bishop said...

Cool, thanks! A few comments:
1. Doesn't survive set -o nounset. Initializing on local line fixes that:
local c="" o="" t="" parse=""

2. Doesn't work with multi-word prompt, like sudo -p "Ur pass?" function. No work around yet.

3. Should return sudo's exit code for API compatibility. return $? handles that

Wout Mertens said...

Hi Bishop,

thanks for the comments.

1: Fixed, thanks!

2: Fixed :-)

3: It already does that since the sudo is last in the function, are you returning the value in your wrapper? See example in the comments.

Bishop said...

Thanks! On #3, that's right, I always forget the last command's exit code is the function exit code. I guess it's just a matter of preference for me, to be explicit. :)

Luca Borrione said...

Please have a look at for an alternative solution to this issue