Solved Desktop shortcut which will ask for su password

[Cedric62]

My goal is to have a shortcut on my Xfce desktop, pointing to a script file in my user folder. I would like the script file to copy all of the documents located within my Documents directory onto a USB thumb drive formatted with FAT 32. Also, at the moment, whenever I click on my desktop shortcut (copy_docs_usb.desktop) it opens up a new terminal and it carries out the script, but it also seems that not all of the folders and documents located with my user Documents directory are getting backed up onto the usb.

In other words, If I become root and run the script from within a terminal, without clicking on, copy_docs_usb.desktop, I seem to get slightly different results. So, I'm thinking that I need to modify my desktop file so that it somehow asks for the super user password before it actually tries to carry out the script I have created.

Below is what I have inside the desktop file on my desktop.

[Desktop Entry]
Version=1.0
Type=Application
Name=copy_docs_usb
Comment=copy user and system folders to backup
Exec=/home/Simon/Temp/copy_docs_usb.sh
Icon=process-completed
Terminal=true
StartupNotify=false
Categories=Utility;
Path=
GenericName=short cut to script file for backups
# EOF

Also, below is what I have within the script file I use to copy my documents to a USB.

#!/bin/sh
# USING RSYNC TO BACKUP AND RESTORE SYSTEM DIRECTORIES

# +++ Copy docs to backup usb +++

rsync -r -v --progress -l -H -b -s /home/Simon/Documents /media/BACKUPUSB

echo "Script finished."

So I would like to be able to click on my desktop file, and then have a terminal open up, I enter my su password, and then it carries out the backup for me. I feel like I'm close, but I seem to have confused myself once again.

 

[NapoleonWils0n]

You can use doas which is an alternative to sudo

And then create a doas rule for your script so it will run without prompting you for your password

Install doas

sudo pkg install doas

edit the doas.conf

sudo vi /usr/local/etc/doas.conf

From your post i guess your username is Simon,
if it isnt change Simon in the code below

Replace the contents of the doas.conf with this code

#=========================================================================#
# doas.conf
#=========================================================================#

#=========================================================================#
# permit user
#=========================================================================#

permit keepenv setenv { PATH } Simon


#=========================================================================#
# allow root to switch to our user
#=========================================================================#

permit nopass keepenv setenv { PATH } root as Simon


#=========================================================================#
# script permit user - no pass
#=========================================================================#

permit nopass keepenv Simon cmd /home/Simon/Temp/copy_docs_usb.sh


#=========================================================================#
# root as root
#=========================================================================#

permit nopass keepenv root as root

This line allow you to run the script with elevated permission while keeping your enviornment settings

permit nopass keepenv Simon cmd /home/Simon/Temp/copy_docs_usb.sh

Edit your desktop entry

[Desktop Entry]
Version=1.0
Type=Application
Name=copy_docs_usb
Comment=copy user and system folders to backup
Exec=sh -c '/usr/local/bin/doas /home/Simon/Temp/copy_docs_usb.sh'
Icon=process-completed
Terminal=false
StartupNotify=false
Categories=Utility;
Path=
GenericName=short cut to script file for backups

I changed the exec line to use doas and then run your script

Exec=sh -c '/usr/local/bin/doas /home/Simon/Temp/copy_docs_usb.sh'

and this line for the Terminal to false
because you dont need to enter you password as doas is set up so you dont need to

Terminal=false

That should do the job

 

[kent_dorfman766]

as a side issue, find out why you've got files in your home directory that are not owned by you nor being backed up. ideally everything under $HOME should be chown {myuid}, and not belong to any other user.

 

[Cedric62]

and this line for the Terminal to false
because you dont need to enter you password as doas is set up so you dont need to

But the problem is that I'm a real dummy who tends to sometimes do things without thinking it through, and that's why I really wanted to have a password to give me half a second to think before I do something catastrophic. I was able to get your above instructions to work, but it wasn't until afterwards that I realized that it wasn't going to protect me from my own self. However, I found some information here and there in older posts, and I was able to eventually come up with something that works.

 

[Cedric62]

as a side issue, find out why you've got files in your home directory that are not owned by you nor being backed up. ideally everything under $HOME should be chown {myuid}, and not belong to any other user.

Probably because a lot of the files I have in my Documents folder were first created when I was still using Ubuntu, or even Windows 10. But I now own all of them.

 

[Cedric62]

So, now after fumbling around for quite a bit, I now have an icon on my desktop which I can click, it gives me a terminal asking for my su password, and then after I enter it, the terminal stays open as my Documents get copied to a USB thumb drive. It seems that one of the big hang ups I had in all of this was in not understanding that the script file had to correctly reference the label of the USB thumb drive, or it wouldn't work. Now I seem to have all of my paths pointing in the right direction, and it seems to work perfectly, so long as I stick to the same USB thumb drive.

Below is a brief outline of what I did, in case another newbie gets stuck doing something like this.

Below is the actual text contained within the above shortcut "docs_2_usb.desktop".

[Desktop Entry]
Version=1.0
Type=Application
Name=docs_2_usb
Comment=Open a root shell in a terminal & copy docs to USBBACKUP
Exec=/diskbkp/scripts/copy_docs_usb.sh
Icon=usb-creator-gtk
Terminal=true
StartupNotify=true
Categories=Utility;
Path=
GenericName=copy to diskbkp
# EOF

Also, below shows what is inside the actual script which copies my documents to the USB.

#!/bin/sh

# Check if the script is being run by root
if [ "$(id -u)" -ne 0 ]; then
    echo "This script requires superuser privileges."
    echo "Please enter the root password below:"
    
    # Re-run the script with su
    # -m preserves the environment
    # -c executes the following command
    exec su -m root -c "/bin/sh $0 $@"
fi

# Your actual script logic starts here
echo "Success! You are now running as: $(whoami)"
# Add your administrative commands below

# Acknowledge the input securely
echo "Password received (length: ${#password})"

# Use the variable $password for the intended secure operation
# Payload starts below

# USING RSYNC TO BACKUP AND RESTORE SYSTEM DIRECTORIES

# +++ Copy docs to backup usb +++

rsync -r -v --progress -l -H -b -s /home/Simon/Documents/ /media/USBBACKUP
# Change the label of usb device in above command to match actual device being used
echo "Script finished."

As I mentioned earlier, the nice thing about the above is that when I click on the icon, a terminal opens up asking me for my password. Once I enter my password, then I get to watch the files scroll past until it eventually says "Script finished".

Well, for a minor low level person like me, who tends to put off backing up documents until it is too late, this is much more convenient than dragging individual files across in a file manager, and the icon on my desktop is a reminder that I need to do this once in a while.

 

[kent_dorfman766]

Probably because a lot of the files I have in my Documents folder were first created when I was still using Ubuntu, or even Windows 10. But I now own all of them.

so do "sudo chown -R {myuid} $HOME" and own everything under $HOME.