Scenario / Questions

Disclaimer: I’m pretty novice at sysadmin stuff.

I’m trying to set up port forwarding in an AWS EC2 instance, this has to be done in the command-line because I don’t want to go in and edit anything, it has to be automatic (it’s part of a build process).

sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

Permission denied

The weird thing is I’ve been (successfully) using sudo for pretty much every command that required su privileges. If I do sudo su before the command (trying it out by hand in an ssh session), then it works.

Reasons behind this? Possible solutions that don’t involve sudo su or manual edits?

Find below all possible solutions or suggestions for the above questions..

Suggestion: 1

You can’t use sudo to affect output redirection; > and >> (and, for completeness, <) are effected with the privilege of the calling user, because redirection is done by the calling shell, not the called subprocess.

Either do

cp /etc/sysctl.conf /tmp/
echo "net.ipv4.ip_forward = 1" >> /tmp/sysctl.conf
sudo cp /tmp/sysctl.conf /etc/

or

sudo /bin/su -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"

Suggestion: 2

You might find it simpler to use this command:

echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf

Suggestion: 3

sudo runs only your command, not the redirect, as root. You’ll need to wrap it all in a command where the whole thing runs as root:

sudo sh -c 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf'

Suggestion: 4

The command sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf is interpreted as that you (nonroot) write the result of sudo echo "net.ipv4.ip_forward = 1" into /etc/sysctl.conf.

Run

sudo -s 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf'

or

sudo su -c 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf'

to run echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf as root.

Suggestion: 5
sudo sed -i "$ a <text>" <file>
  • -i : edit file in place.
  • $ a: append text to the last line

Using sed command avoids you the hassle of redirections and pipelines.

In your case: sudo sed -i "$ a net.ipv4.ip_forward = 1" /etc/sysctl.conf