From 275f083a33402821f789d8f4ebaff75b796dc0c2 Mon Sep 17 00:00:00 2001
From: Dev & Sec
Date: Mon, 2 Nov 2015 00:55:29 +0000
Subject: [PATCH 1/6] Use su if sudo is not available, this fixes #1148
---
 letsencrypt-auto | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index d163998aa..e14b099a9 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -14,7 +14,15 @@ VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
- SUDO=sudo
+ if type sudo &>/dev/null; then
+ SUDO=sudo
+ else
+ args=("$@")
+ for i in "${!args[@]}"; do
+ args[$i]="'$(printf "%s" "${args[$i]}" | sed -e "s/'/'\"'\"'/g")' "
+ done
+ exec su root -c "$0 ${args[*]}"
+ fi
 else
 SUDO=
 fi
From 8bad8de1c673ee21f8cbdb7dcec1bc425586ba6d Mon Sep 17 00:00:00 2001
From: Dev & Sec
Date: Mon, 2 Nov 2015 21:49:22 +0000
Subject: [PATCH 2/6] not running the letsencrypt-auto script as root, but use su if sudo not found
---
 letsencrypt-auto | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index e14b099a9..514f03f46 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -14,15 +14,16 @@ VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
- if type sudo &>/dev/null; then
- SUDO=sudo
- else
- args=("$@")
- for i in "${!args[@]}"; do
- args[$i]="'$(printf "%s" "${args[$i]}" | sed -e "s/'/'\"'\"'/g")' "
- done
- exec su root -c "$0 ${args[*]}"
+ if ! type sudo &>/dev/null; then
+ function sudo (){
+ args=("$@")
+ for i in "${!args[@]}"; do
+ args[$i]="'$(printf "%s" "${args[$i]}" | sed -e "s/'/'\"'\"'/g")' "
+ done
+ su root -c "${args[*]}"
+ }
 fi
+ SUDO=sudo
 else
 SUDO=
 fi
From ed173d9c9aac7b0e9b2ffeb782b42ef6663cc58e Mon Sep 17 00:00:00 2001
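Review bot: In patch 1/6, `exec su root -c "$0 ${args[*]}"` escapes every argument but places `$0` into the command string raw, so a script path containing a space or a shell metacharacter is re-parsed by root's shell. Running the path through the same escaping closes that gap: `args=("$0" "$@")` before the loop and `exec su root -c "${args[*]}"` after it. Patch 2/6 removes this re-exec, so the point matters only if this commit is taken on its own.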
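Review bot: The `su root -c "${args[*]}"` fallback in patch 2/6 is not environment-equivalent to the `sudo` it stands in for, and nothing in the function says so. Whether `su` resets `PATH` for root or keeps the invoking user's value depends on the platform's `su` configuration, whereas `sudo` commonly applies its own `secure_path`; the commands passed through `$SUDO` are outside this hunk, so which of them are affected is not visible here. A comment above the function would record the assumption, for example `# NOTE: su may keep the caller's PATH; commands run via $SUDO are resolved by root's shell`. The same applies to the `sudo()` and `su_sudo()` revisions in patches 3/6, 4/6 and 6/6.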
From: Dev & Sec
Date: Tue, 3 Nov 2015 22:22:49 +0000
Subject: [PATCH 3/6] fix sh compatibility
---
 letsencrypt-auto | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index 514f03f46..cfc830c9f 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -15,12 +15,13 @@ VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
 if ! type sudo &>/dev/null; then
- function sudo (){
- args=("$@")
- for i in "${!args[@]}"; do
- args[$i]="'$(printf "%s" "${args[$i]}" | sed -e "s/'/'\"'\"'/g")' "
+ sudo() {
+ args=""
+ while [ $# -ne 0 ]; do
+ args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
+ shift
 done
- su root -c "${args[*]}"
+ su root -c "$args"
 }
 fi
 SUDO=sudo
From 5c8ad3666b9bef423e846453c50450b32a3d983d Mon Sep 17 00:00:00 2001
From: Dev & Sec
Date: Tue, 3 Nov 2015 22:34:07 +0000
Subject: [PATCH 4/6] fix sudo function name scope issue, it is not a local function
---
 letsencrypt-auto | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index cfc830c9f..c352482a2 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -14,8 +14,10 @@ VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
- if ! type sudo &>/dev/null; then
- sudo() {
+ if type sudo &>/dev/null; then
+ SUDO=sudo
+ else
+ su_sudo() {
 args=""
 while [ $# -ne 0 ]; do
 args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
@@ -23,8 +25,8 @@ if test "`id -u`" -ne "0" ; then
 done
 su root -c "$args"
 }
+ SUDO=su_sudo
 fi
- SUDO=sudo
 else
 SUDO=
 fi
From a7de3d59dadd9d3dfc88c8a684a4f9b939398739 Mon Sep 17 00:00:00 2001
From: Dev & Sec
Date: Tue, 3 Nov 2015 22:46:56 +0000
Subject: [PATCH 5/6] fix `dash` compatibility issue caused by `&>` redirect symbol
---
 letsencrypt-auto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index c352482a2..8626ab329 100755
--- a/letsencrypt-auto
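Review bot: In the POSIX rewrite of patch 3/6, `args` is an ordinary global, so every call to the wrapper overwrites any variable of that name used elsewhere in the script (the rest of the script is outside the hunk). POSIX sh has no `local`, but a subshell body keeps the variable private without changing what the function does: `sudo() (` … `)` in place of `sudo() {` … `}`. The exit status of `su` is still what the caller sees. Patches 4/6 and 6/6 keep the same body under the name `su_sudo`.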
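Review bot: After patch 4/6, `$SUDO` may hold the name of a shell function (`su_sudo`) instead of a program, which only works where `$SUDO` is expanded as the command word in this same shell. Uses such as `exec $SUDO …`, `xargs $SUDO …`, or a child script that inherits `SUDO` would fail to find the command; the call sites are outside both hunks, so this needs checking against the rest of the script. A comment beside the assignment would flag it: `# su_sudo is a shell function; call $SUDO directly, never via exec/xargs or a subprocess`.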
+++ b/letsencrypt-auto
@@ -14,7 +14,7 @@ VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
- if type sudo &>/dev/null; then
+ if type sudo 1>/dev/null 2>&1; then
 SUDO=sudo
 else
 su_sudo() {
From 9c12102d0bb4ca5d1e002e6e6e09813ff9bf4412 Mon Sep 17 00:00:00 2001
From: Dev & Sec
Date: Sun, 8 Nov 2015 10:26:15 +0000
Subject: [PATCH 6/6] use `command -v` instead of `type`, and add comments for the `su_sudo` function
---
 letsencrypt-auto | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/letsencrypt-auto b/letsencrypt-auto
index 8626ab329..ce58488c4 100755
--- a/letsencrypt-auto
+++ b/letsencrypt-auto
@@ -14,11 +14,24 @@ VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
 VENV_BIN=${VENV_PATH}/bin
 if test "`id -u`" -ne "0" ; then
- if type sudo 1>/dev/null 2>&1; then
+ if command -v sudo 1>/dev/null 2>&1; then
 SUDO=sudo
 else
+ # `sudo` command does not exist, use `su` instead.
+ # Because the parameters in `su -c` has to be a string,
+ # we need properly escape it
 su_sudo() {
 args=""
+ # This `while` loop iterates over all parameters given to this function.
+ # For each parameter, all `'` will be replace by `'"'"'`, and the escaped string
+ # will be wrap in a pair of `'`, then append to `$args` string
+ # For example, `echo "It's only 1\$\!"` will be escaped to:
+ # 'echo' 'It'"'"'s only 1$!'
+ # │ │└┼┘│
+ # │ │ │ └── `'s only 1$!'` the literal string
+ # │ │ └── `\"'\"` is a single quote (as a string)
+ # │ └── `'It'`, to be concatenated with the strings followed it
+ # └── `echo` wrapped in a pair of `'`, it's totally fine for the shell command itself
 while [ $# -ne 0 ]; do
 args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
 shift
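Review bot: The comment block added in patch 6/6 explains the `'"'"'` escaping but not the assumption it rests on: `su -c` hands the string to root's configured shell, and the quoting is only known to be correct when that shell follows Bourne quoting rules, which may not hold for a root account with a non-POSIX shell. Stating this above `su_sudo()` would make the limit visible, e.g. `# Assumes root's shell is Bourne-compatible; the quoting below is not guaranteed for other shells`. The comment could also mention that `$(printf "%s" "$1" | sed …)` drops trailing newlines from an argument. The function body continues past the end of the hunk.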