When writing bash scripts that perform privileged operations (like accessing protected directories or modifying system files), you need to ensure the script runs with root privileges. Let's implement a robust check at the script's beginning.
The most reliable method is to check the effective user ID (EUID). Root always has EUID=0:
#!/bin/bash
# Check for root privileges
if [[ "$EUID" -ne 0 ]]; then
echo "This script must be run as root or with sudo"
exit 1
fi
# Your privileged commands below
echo "Running with root privileges"
While EUID is preferred, here are other approaches:
# Method 1: Using whoami
if [[ $(whoami) != "root" ]]; then
echo "Please run as root"
exit 1
fi
# Method 2: Testing specific capabilities
if ! [ -w /etc/passwd ]; then
echo "Insufficient privileges"
exit 1
fi
For scripts intended specifically for sudo execution:
#!/bin/bash
# Check if script was invoked with sudo
if [ -z "$SUDO_USER" ]; then
echo "This script requires sudo privileges" >&2
exit 1
fi
# Rest of the script...
Here's a complete implementation for a backup script:
#!/bin/bash
# Privilege check
if [[ $EUID -ne 0 ]]; then
echo "Backup requires root privileges. Use: sudo $0" >&2
exit 1
fi
# Configuration
BACKUP_DIR="/var/www"
OUTPUT_FILE="/backups/web-backup-$(date +%Y%m%d).tar.gz"
# Create backup
echo "Creating backup of $BACKUP_DIR..."
tar -czf "$OUTPUT_FILE" "$BACKUP_DIR"
# Verify
if [ $? -eq 0 ]; then
echo "Backup successful: $OUTPUT_FILE"
ls -lh "$OUTPUT_FILE"
else
echo "Backup failed" >&2
exit 1
fi
Consider these improvements for production scripts:
- Redirect error messages to stderr (>&2)
- Provide meaningful exit codes
- Include --preserve-env when sudo is required
- Consider logging instead of console output
When writing administrative bash scripts that perform sensitive operations like file backups, it's crucial to verify the executing user has sufficient privileges. Here's the most robust way to implement this check:
#!/bin/bash
# Check for root privileges
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root or with sudo"
exit 1
fi
# Your privileged operations here
echo "Running with root privileges..."
The $EUID variable contains the effective user ID of the current process. Root's EUID is always 0, making this the most reliable way to check privileges. This works regardless of whether the script was run via sudo or as the actual root user.
For scripts that might be called through sudo (where $SUDO_USER would be set), you can provide more detailed feedback:
#!/bin/bash
if [[ $EUID -ne 0 ]]; then
if [[ -v SUDO_USER ]]; then
echo "Error: Sudo privileges were not properly elevated"
else
echo "Error: This script requires root privileges. Please run with sudo."
fi
exit 1
fi
# Proceed with root operations
tar -czvf /backups/system_backup.tar.gz /etc /var
Here's a complete backup script demonstrating privilege checking in context:
#!/bin/bash
# Privilege check function
check_root() {
if [[ $EUID -ne 0 ]]; then
echo "This backup operation requires root privileges" >&2
echo "Please run as: sudo $0" >&2
exit 1
fi
}
# Main backup function
create_backup() {
local BACKUP_DIR="/backups"
local TIMESTAMP=$(date +%Y%m%d_%H%M%S)
local BACKUP_FILE="${BACKUP_DIR}/full_system_${TIMESTAMP}.tar.gz"
mkdir -p "$BACKUP_DIR"
tar --exclude="$BACKUP_DIR" -czvf "$BACKUP_FILE" \
/etc /var /home /usr/local
echo "Backup created at: $BACKUP_FILE"
}
# Execute
check_root
create_backup
Some developers prefer using id -u instead of $EUID. Both are valid, but $EUID is generally preferred as it's a bash built-in variable:
if [[ $(id -u) -ne 0 ]]; then
echo "Root required" >&2
exit 1
fi
When writing scripts that require root:
- Always exit immediately if privileges are insufficient
- Use absolute paths for critical commands
- Consider setting
set -eto exit on errors - Validate all user-provided input