I'm working on some installation script in bash (on a Raspberry Pi running Stretch). It will copy files to /usr/local/bin and to my user profile and it will install a few packages if needed. The script is almost 2000 lines and 20–30 commands need root.
Now my question is: should I run the entire script with sudo or just as standard user and sudo only the commands inside the script that need admin rights?
If you know for sure that running the script with sudo won't do you any harm (For example, it won't create new files that will now need root privileges, but wouldn't otherwise), you should run it with sudo.
If you know there are some side effects or you are unsure, do it the safe way and use sudo just where you must.
At the header of script put this:
#!/bin/bash
#Detects if script are not running as root...
if [ "$UID" != "0" ]; then
#$0 is the script itself (or the command used to call it)...
#$* parameters...
if whereis sudo &>/dev/null; then
echo "Please type the sudo password for the user $USER"
sudo $0 $*
exit
else
echo "Sudo not found. You will need to run this script as root."
exit
fi
fi
sudoto entire one. But from good security practice side and Unix ideology, you must use min permissions as much as possible and upper it only in cases when it's needed.