Append "Here Document" to Protected File: Sudo?

I’ve automounted my NAS by setting up a mount point and editing my fstab by hand. No problem. But, I’m trying to automate that process for later. On the way to doing that, I tried using a Here Document from the console with the following:

sudo cat <<EOT >>/etc/fstab
#mount NAS as CIFS
// /mnt/NAS cifs defaults,_netdev,iocharset=utf8,credentials=/home/dave/secret.txt,uid=1000,gid=1000 0 2

That should take the text between the EOT markers and append it (“>>” for append, “>” for overwrite) to the file /etc/fstab. If I try it, I get:

bash: /etc/fstab: Permission denied

If I try it to a non-protected file, it works. I assume I’m trying to get elevated permission (i.e., sudo) wrong in that command. Anyone have any ideas?

The sudo runs the cat with elevated permissons; the << and >> are applied by the shell (before the command is even run) and are not affected by sudo. You will need to run a single command with sudo, e.g., sed or similar.

Alternatively, you could write a (auto)mount systemd unit, which would then involve dropping the unit file in the correct place, and not worry about modifying an existing file. You don’t even need to write it entirely; as you’ve already created a mount manually, you can start with the unit file that systemd auto-generated from /etc/fstab.

Thanks. I’ll take a look at those options.

You are making it a lot more complex than needed when appending a single line to /etc/fstab.
sudo gedit /etc/fstab then enter the line then save and exit. (use your favorite text editor instead of gedit if desired – I use vim).
You do not have to hassle with what happens in the shell and what happens with sudo interactions. The shell opens the editor, the editor handles the rest.

Well, I agree I’m making it more complex. But, I thought it would be neat to see if I could set up a script to return my system to the way I want it after a clean install. Just trying to learn new things.

It’s best not to run graphical programs as root. For gedit, you can tell it to ask for permissions without running the whole program as root by opening an admin:// path, e.g., gedit admin:///etc/fstab

The tee command is typically used for this. The -a option will cause tee to append.

cat <<'EOT' | sudo tee -a /etc/fstab
#mount NAS as CIFS
// /mnt/NAS cifs defaults,_netdev,iocharset=utf8,credentials=/home/dave/secret.txt,uid=1000,gid=1000 0 2

Again, you’re doing things the hard way.

sudo mount -a is all you need to get everything in /etc/fstab mounted.

That tee option looks cool. Now that I know it exists, that should make things neater. Thanks.

EDIT: Based on your comment, I found an article about tee that even has an example with writing to a protected file:

Thanks again.

1 Like

BTW: I had the same problem with setting up a file to let CoreCtrl start automatically. I used the same construct as I was using in my OP (suitably modified, of course). And, of course, it didn’t work. I changed it to use your method and it worked fine.

cat <<'EOT' | sudo tee /etc/polkit-1/rules.d/90-corectrl.rules
polkit.addRule(function(action, subject) {
    if (( == "org.corectrl.helper.init" || == "org.corectrl.helperkiller.init") &&
        subject.local == true && == true &&
        subject.isInGroup("dave")) {
            return polkit.Result.YES;
1 Like

If you have several of these things to set up, you may want to look at Ansible for reproducible system configuration.