[solved] Running a script as root with sudo without entering the user password
Hi
I have a script to start a VPN client. I want a normal user ("boss") to be able to run the script without entering any password. I try to play with NOPASSWD in /etc/sudoers, but it doesn't work. When "boss" runs the scripts, he always has to enter his password. Here is the script (home/boss/it/connect_vpn.sh) : Code:
sudo /etc/init.d/vpnclient_init start Code:
# Members of the admin group may gain root privileges Code:
Linux ubuntu 2.6.10-5-386 #1 Fri Sep 23 14:13:55 UTC 2005 i686 GNU/Linux ++ |
Try as follows:
Code:
boss localhost= NOPASSWD:/home/boss/it/connect_vpn.sh |
Unfortunately, it doesn't. :(
Thanks |
How about a different approach: make the file owned by root, and then turn on the setuid bit on the permissions, and give everyone executable permission.
|
Well, I can be wrong, but I think this approach works well with binaries but not with shell scripts. What annoys me is that I'm sure there is a simple trick to do that.
++ |
In the /etc/sudoers file enter the individual commands of the script instead of the name of the script :
Code:
boss ALL=NOPASSWD: /etc/init.d/vpnclient_init start, vpnclient connect inside user foo pwd bar Hope this will resolve the problem. Regards. |
Yes it works ! Thanks, you rock.
(To be exact, I had to add the full path of the file "vpnclient".) Btw, visudo is really unconvenient - gedit did the job. ++ |
While you can edit sudoers without using visudo, it really isn't that good an idea. The main reason is that visudo checks the syntax of the sudoers file when you quit and alerts you to any borked entries.
That said, I completely agree that vi is quite possibly the worst text editor ever. However, there is a way to use a different text editor within visudo, provided visudo was compiled with the right options. Before starting visudo, enter the following line: export EDITOR=pico (or nano or joe or whatever your favorite console text editor is). If visudo was compiled right, it checks the $EDITOR environment variable and uses that editor and will default to vi if $EDITOR is not set. |
OK, Thanks for the tip.
++ |
All times are GMT -5. The time now is 08:55 AM. |