From a main bash script run as root, I want to execute a subprocess using sudo as unpriviledge user nobody; that subprocess should source a file, which content is provided by the main script.

I am trying to solve this using bash process substitution. But I cannot manage to get this to work.

Can someone tell me why the following script, ...

#! /bin/bash
sudo -u nobody \
    bash -c 'source /dev/stdin || ls -l /dev/stdin /proc/self/fd/0 /proc/$$/fd/0; echo "A=$A"' \
        < <(echo "A=$(ls /root/.profile)")

... when run as root, produces the following ouput ?

root@raspi:~# ./test3.sh
bash: line 1: /dev/stdin: Permission denied
lrwxrwxrwx 1 root   root    15 Mar 20 20:55 /dev/stdin -> /proc/self/fd/0
lr-x------ 1 nobody nogroup 64 Aug 21 14:38 /proc/3243/fd/0 -> 'pipe:[79069]'
lr-x------ 1 nobody nogroup 64 Aug 21 14:38 /proc/self/fd/0 -> 'pipe:[79069]'
A=

I would expect reading from stdin to work because, as indicated by ls -l, read access to stdin is granted to nobody (which makes sense).

So why this does not work ? And is there any way to get this to work ?

Answers to this question did not help: as sample above shows, code in the <(...) bloc should access data that only root can.

CodePudding user response：

To see why you have Permission denied, use ls -lL

sudo -u nobody \
    bash -c 'source /dev/stdin || ls -lL /dev/stdin /proc/self/fd/0 /proc/$$/fd/0; echo "A=$A"' \
        < <(echo "A=$(ls /root/.profile)")

To get around the error, use cat |

sudo -u nobody \
    bash -c 'cat | { source /dev/stdin || ls -lL /dev/stdin /proc/self/fd/0 /proc/$$/fd/0; echo "A=$A"; }' \
        < <(echo "A=$(ls /root/.profile)")