The Unix program '''sudo'''[http://www.sudo.ws/] allows normal users to run particular programs (or arbitrary ones, depending on configuration) with superuser privileges without having to know the root password; instead, it verifies your own password and then checks whether you are allowed to do what you request. It's an extremely useful tool that helps people administer their systems without the risk of running as root the whole time. — [DKF]
----
[Googie] wrote: Any idea how to get superuser rights by [tcl] [script]? It's easy under [expect], but I have to do it in clear tcl (without [package]s). Well? Thanks

''[MGS]'' [[2003/05/08]] - What superuser rights are you after? Superuser execute right? Or superuser file access rights?

Have you tried using 'sudo'? The -S option enables reading password on stdin.

You could use this rough code as a basis:
======
proc sudo:passwd {pipe} {
   puts "sudo:passwd \[$pipe\]"
   catch {puts $pipe mypass}
   fileevent $pipe writable {}
}
 
proc sudo:read {pipe} {
   puts "sudo:read \[$pipe\]"
   variable $pipe
   upvar  0 $pipe _
   set chars [gets $pipe line]
   puts "  read \[$line\] ($chars chars)"
   append _(stdout) $line\n
   if { [eof $pipe] } {
      puts "  got eof"
      fileevent $pipe readable {}
      fileevent $pipe writable {}
      if { [catch {close $pipe} code] } {
         puts "  Got error closing sudo pipe"
         puts "  \[$::errorCode\] $code"
      } else {
         puts "  Successfully closed sudo pipe"
         puts "  code = \[$code\]"
      }
      set _(done) 1
   }
}
 
proc sudo:run {args} {
   set cmd [eval concat $args]
   puts "cmd = \[$cmd\]"
   set list [concat [list sudo -S] $cmd [list 2>&1]]
   puts "list = \[$list\]"
   if { [catch {open |$list r+} pipe] } {
      puts "\[$::errorCode\] $pipe"
   } else {
      puts "  open returned \[$pipe\]"
      fconfigure $pipe -buffering none -blocking 1
      fileevent  $pipe writable [list sudo:passwd $pipe]
      fileevent  $pipe readable [list sudo:read   $pipe]
   }
   variable $pipe
   upvar  0 $pipe _
   set _(done) 1
   set _(stdout) ""
   set ns [namespace current]
   if { [string equal $ns ::] } { set ns "" }
   return ${ns}::$pipe
}
 
set sudo [sudo:run [list ls -l /root]]
vwait ${sudo}(done)
puts "  sudo = \[$sudo\]"
upvar #0 $sudo array
parray array
======

Note you'll have to change 'mypass' in `sudo:passwd` to whatever your password is.

If you're after superuser rights to read protected files, you could always use 'cat' ...

----

[Tim Jones]
[http://sourceforge.net/mailarchive/message.php?msg_id=11200688]
and 
[Daniel Steffen] 
[http://sourceforge.net/mailarchive/forum.php?thread_id=6830188&forum_id=3853]
[[... advice ...]]

----

[MAKR] (2009-02-24): Keep in mind that if you are using ''sudo'' '''-S''', you need to ''sudo'' '''-K''' before! In a subsequent call ''sudo'' may otherwise just pipe the password to ''[stdin]'' of the called program.

Also note that ''sudo'' is highly configurable. You should document your expectations, especially if you do not control the environment (privileges, password, prompt, environment variables, etc...).

----
!!!!!!
%| [Category Security] | [Category Unix] |%
!!!!!!