How to create a text file in Ruby owned by root?
Clash Royale CLAN TAG#URR8PPP
How to create a text file in Ruby owned by root?
It's trivially easy in Ruby to create a text file as the current user using File.write, but if I want the file to be owned by root, it becomes a lot more complicated.
File.write
I realize that I could run the Ruby script itself with sudo but would prefer not to do that.
sudo
How can I do this?
chown root <filename>
sudo chown root <filename>
sudoers
So one way or another, somewhere along the line you're going to need
sudo permission. This could be at a the initial command line call, or invoked later on in the script, or (with extreme caution) you could set the sticky bit in the permission. But you cannot change a file owner to root without superuser permissions having been granted somewhere.– Tom Lord
Aug 10 at 9:42
sudo
root
Yes, I realize that I need to use
sudo. My point was that I did not want the entire script to be run with sudo, just the specific commands that needed it. The answer below is my own and illustrates what I mean.– Keith Bennett
Aug 10 at 9:54
sudo
1 Answer
1
Rather than trying to create or open the file as root (which I believe is impossible if the Ruby script has been started as a nonroot user), the file can be created as the current user first and then have its ownership and permissions changed.
As a practical matter it probably makes sense to use Ruby's Tempfile functionality to create the initial file, since it eliminates the need to determine a unique filename and will not require that the current directory be writable. Here is the code I came up with (it's also posted at https://gist.github.com/keithrbennett/2c6f53351bf9cdb0bbbfd3f7f97dc91c). The module is defined and the call to it is on the last line. I've made some assumptions, e.g. that the file should be world readable:
Tempfile
#!/usr/bin/env ruby
require 'tempfile'
module SudoFileWriter
module_function
# Writes passed text to a temp file.
# @return the filespec of the temp file.
def write_to_temp_file(text)
filespec = nil
Tempfile.open do |file|
file.write(text)
filespec = file.path
end
filespec
end
def write_to_root_file(filespec, text)
temp_filespec = write_to_temp_file(text)
commands = [
"sudo chown root:wheel #temp_filespec",
"sudo mv #temp_filespec #filespec",
"sudo chmod +r #filespec"
]
puts "Running commands for file #filespec:nn"; puts commands
`#commands.join(' && ')`
end
def call(filespec, object_to_write)
write_to_root_file(filespec, object_to_write.to_s)
end
end
# .() is shorthand for .call().
# `module_function` above results in all methods being both module level
# and instance level methods, so we can call directly on the module object.
SudoFileWriter.('root-owned-file.txt', "The time is now #Time.now.n")
Output looks like this:
Running commands for file root-owned-file.txt:
sudo chown root:wheel /var/folders/bk/8y3jvjs53qs9wlqtpzqq6_080000gn/T/20180810-9981-124bxcl
sudo mv /var/folders/bk/8y3jvjs53qs9wlqtpzqq6_080000gn/T/20180810-9981-124bxcl root-owned-file.txt
sudo chmod +r root-owned-file.txt
Password:
The time is now 2018-08-10 16:01:05 +0700.
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
Forget ruby for a moment -- are you able to
chown root <filename>? Presumable no, you needsudo chown root <filename>(and possibly enter a password); and this will only work if you are in thesudoersfile. If a ruby script - or any script for that matter - were able to bypass this security policy, then it would be a huge vulnerability in unix systems.– Tom Lord
Aug 10 at 9:40