Differences

This shows you the differences between two versions of the page.

--- pages:howtos:bash:bash-confusion-with-file-redirection-and-sudo [2021/02/11 13:53] – created mischerh
+++ pages:howtos:bash:bash-confusion-with-file-redirection-and-sudo [2021/12/09 21:57] (current) – [So how to actually redirect output to a file as root?] rokkitlawnchair
@@ Line 1: / Line 1: @@
 {{tag>bash howto redirection sudo tee}}
 ====== Confusion With File Redirection And sudo ======
-===== Source =====
-  * http://giedrius.blog/2017/10/31/confusion-with-file-redirection-and-sudo/
+<WRAP center round alert 60%>
+Local copy of: http://giedrius.blog/2017/10/31/confusion-with-file-redirection-and-sudo/
+</WRAP>
 ===== Introduction =====
@@ Line 16: / Line 19: @@
 Next we will review the code of two popular shells: GNU/Bash and the Z shell, to see how they realize this functionality in code.
-How do popular shells implement this
+===== How do popular shells implement this =====
-------------------------------------
+GNU/Bash uses the [[https://www.gnu.org/software/bison/|GNU/Bison project]] for specifying the input command syntax. The syntax file is written in the [[https://tldp.org/HOWTO/Lex-YACC-HOWTO-4.html|yacc format]]. You can find the special syntax described in the //parse.y// file, in the root directory of GNU/Bash source. There are two special types defined: redirection and redirection_list. Here is an excerpt from //parse.y// file which defines how redirecting **stdout** to a file works or how passing a file to **stdin** works:
-GNU/Bash uses the GNU/Bison project for specifying the input command syntax. The syntax file is written in the yacc format. You can find the special syntax described in the parse.y file, in the root directory of GNU/Bash source. There are two special types defined: redirection and redirection_list. Here is an excerpt from parse.y file which defines how redirecting stdout to a file works or how passing a file to stdin works:
+<sxh bash>
 redirection:	'>' WORD
 			{
@@ Line 27: / Line 29: @@
 			  $$ = make_redirection (source, r_output_direction, redir, 0);
 			}
-	|	'<' WORD
+        |        '<' WORD
 			{
 			  source.dest = 0;
@@ Line 33: / Line 35: @@
 			  $$ = make_redirection (source, r_input_direction, redir, 0);
 			}
-		| ...
+        | ...
+</sxh>
 And here is the excerpt which shows that the redirection list goes after a command:
+<sxh bash>
 command:	simple_command
 			{ $$ = clean_simple_command ($1); }
@@ Line 47: / Line 49: @@
 			}
 	|	...
+</sxh>
+My point is that you can see that GNU/Bash really has a special syntax for file redirection, it is **not** passed to sudo. The shell command is separate from the redirection list. With the Z shell it is a bit different because there is no one single place where the grammar is defined. Instead, it has a big file dedicated for the hand-rolled parsing engine that is written in C. Thus, it will not be possible to present the whole file but here are the excerpts from the file which prove to you once again that the file redirection feature is indeed based on a special syntax, it is not passed to the actual binary as arguments. In the Z shell source code, //Src/parse.c// we can find this comment:
-My point is that you can see that GNU/Bash really has a special syntax for file redirection, it is not passed to sudo. The shell command is separate from the redirection list. With the Z shell it is a bit different because there is no one single place where the grammar is defined. Instead, it has a big file dedicated for the hand-rolled parsing engine that is written in C. Thus, it will not be possible to present the whole file but here are the excerpts from the file which prove to you once again that the file redirection feature is indeed based on a special syntax, it is not passed to the actual binary as arguments. In the Z shell source code, Src/parse.c we can find this comment:
+<sxh cpp>
 /*
  * cmd : { redir } ( for | case | if | while | repeat |
@@ Line 57: / Line 59: @@
  * zsh_construct is passed through to par_subsh(), q.v.
  */
+</sxh>
 Indeed, redirection is parsed later in the function that is responsible for parsing the command:
+<sxh cpp>
 static int
 par_cmd(int *cmplx, int zsh_construct)
@@ Line 103: / Line 105: @@
 	return 1;
 }
+</sxh>
-As you can see, the redirections may be at either the end or the beginning of the command. Let me repeat again: file redirection is special syntax and it is not passed to the actual thing being run. The GNU/Bash shell supports the file redirection syntax at the beginning of the line as well but I have just decided to not include it for brevity.
+As you can see, the redirections may be at either the end or the beginning of the command. Let me repeat again: file redirection is **special syntax** and it is not passed to the actual thing being run. The GNU/Bash shell supports the file redirection syntax at the beginning of the line as well but I have just decided to not include it for brevity.
-So how to actually redirect output to a file as root?
------------------------------------------------------
-I guess the most popular solution to this is to simply use a pipe to redirect output to a file. I am not sure but probably the program, tee(1), was made for this purpose. Or it was made as an extension of the tee system call but still it is the perfect tool to solve our issue. So, the solution to this problem would be:
+===== So how to actually redirect output to a file as root? =====
+I guess the most popular solution to this is to simply use a pipe to redirect output to a file. I am not sure but probably the program, [[https://man7.org/linux/man-pages/man1/tee.1.html|tee(1)]], was made for this purpose. Or it was made as an extension of the tee system call but still it is the perfect tool to solve our issue. So, the solution to this problem would be:
+<sxh bash>
 echo "hi" | sudo tee /tmp/test >&-
+</sxh>
+This will at first (probably, depending on your set up) ask for your password. Then, “hi” will be written to a file descriptor which will get passed on to tee(1). Then, [[https://man7.org/linux/man-pages/man1/tee.1.html|tee(1)]] will dump everything into ///tmp/test//. The ''>&- (or >/dev/null)'' is needed so that [[https://man7.org/linux/man-pages/man1/tee.1.html|tee(1)]] would not output anything. [[https://man7.org/linux/man-pages/man1/tee.1.html|tee(1)]], unfortunately, copies the content from standard input to standard output as well.
-This will at first (probably, depending on your set up) ask for your password. Then, “hi” will be written to a file descriptor which will get passed on to tee(1). Then, tee(1) will dump everything into /tmp/test. The >&- (or >/dev/null) is needed so that tee(1) would not output anything. tee(1), unfortunately, copies the content from standard input to standard output as well.
+Another way to solve this is to pass more commands to run via root either by using the **-s** //sudo// option. For example, this works:
+<sxh bash>
-Another way to solve this is to pass more commands to run via root either by using the -s sudo option. For example, this works:
 sudo -s <<EOF
 exec >/tmp/test
 echo "hi"
 EOF
+</sxh>
+Or, run another shell using //sudo// which will redirect everything to ///tmp/test//:
-Or, run another shell using sudo which will redirect everything to /tmp/test:
+<sxh bash>
 sudo /bin/bash -c 'exec >/tmp/test; echo "hi"'
+</sxh>
+Or, run a script with //sudo// which will internally redirect **stdout** to ///tmp/test//:
-Or, run a script with sudo which will internally redirect stdout to /tmp/test:
+<sxh bash>
 cat >./script.sh <<EOF
 exec >/tmp/test
@@ Line 138: / Line 139: @@
 chmod +x ./script.sh
 sudo ./script.sh
+</sxh>
 Obviously, there are more (complex) ways how you could achieve this but these are the main methods. You are free to adopt these examples to your own case. Please comment if you find any errors or if you want to add anything about this topic.
+----
+~~DISCUSSION~~