LinuxQuestions.org

kloss 10-08-2005 11:48 AM

[solved] Running a script as root with sudo without entering the user password
 
Hi
I have a script to start a VPN client. I want a normal user ("boss") to be able to run the script without entering any password. I tried playing with NOPASSWD in /etc/sudoers, but it doesn't work. When "boss" runs the script, he always has to enter his password.

Here is the script (/home/boss/it/connect_vpn.sh):
Code:

sudo /etc/init.d/vpnclient_init start
sudo vpnclient connect inside user foo pwd bar

Here is /etc/sudoers :
Code:

# Members of the admin group may gain root privileges
%admin          ALL=(ALL) ALL
boss            ALL=NOPASSWD:/home/boss/it/connect_vpn.sh

Here is the output of "uname -a" and "id" for "boss":
Code:

Linux ubuntu 2.6.10-5-386 #1 Fri Sep 23 14:13:55 UTC 2005 i686 GNU/Linux
uid=1000(boss) gid=1000(boss) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(lpadmin),108(scanner),109(admin),1000(boss)

Thanks a lot for your help. I've been looking for a solution for a while without success.

++

nixcraft 10-08-2005 12:27 PM

Try as follows:
Code:

boss            localhost= NOPASSWD:/home/boss/it/connect_vpn.sh

Hope this helps.

kloss 10-08-2005 12:38 PM

Unfortunately, it doesn't. :(

Thanks

spooon 10-08-2005 02:57 PM

How about a different approach: make the file owned by root, and then turn on the setuid bit on the permissions, and give everyone executable permission.

kloss 10-08-2005 03:33 PM

Well, I could be wrong, but I think this approach works well with binaries but not with shell scripts. What annoys me is that I'm sure there is a simple trick to do that.
++

berbae 10-09-2005 12:37 PM

In the /etc/sudoers file, enter the individual commands of the script instead of the name of the script:
Code:

boss  ALL=NOPASSWD: /etc/init.d/vpnclient_init start, vpnclient connect inside user foo pwd bar

This is because it is these individual commands that are sudoed, not the entire script.

Hope this will resolve the problem.
Regards.

kloss 10-09-2005 03:15 PM

Yes, it works! Thanks, you rock.

(To be exact, I had to add the full path of the file "vpnclient".)

Btw, visudo is really inconvenient - gedit did the job.

++

Hangdog42 10-10-2005 07:24 AM

While you can edit sudoers without using visudo, it really isn't that good an idea. The main reason is that visudo checks the syntax of the sudoers file when you quit and alerts you to any borked entries.

That said, I completely agree that vi is quite possibly the worst text editor ever. However, there is a way to use a different text editor within visudo, provided visudo was compiled with the right options.

Before starting visudo, enter the following line:

export EDITOR=pico (or nano or joe or whatever your favorite console text editor is).

If visudo was compiled right, it checks the $EDITOR environment variable and uses that editor and will default to vi if $EDITOR is not set.

kloss 10-10-2005 11:39 AM

OK, Thanks for the tip.

++
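
Added example, not part of the thread or any poster's code: a small Python check for the kind of NOPASSWD entries discussed above. It flags commands given without an absolute path (the problem kloss hit with vpnclient) and targets in locations the user can write to, such as the script under /home/boss, since a user who can edit a file that sudo runs without a password controls what runs as root. The simplified parsing rules, the writable-prefix list and the function name are assumptions made for illustration.

```python
import re

# Simplified user spec: "who hosts = [(runas)] NOPASSWD: cmd, cmd".
# Assumptions: one rule per line; no aliases, continuations or include files.
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*(?:\([^)]*\)\s*)?"
                  r"NOPASSWD:\s*(?P<cmds>.+)$")

# Assumption: prefixes an unprivileged user can usually write to. On a live
# host, check owner and mode of the file and of every parent directory instead.
WRITABLE_PREFIXES = ("/home/", "/tmp/", "/var/tmp/")

# Constructed sample: the sudoers lines quoted in the thread, combined.
SAMPLE = """\
# Members of the admin group may gain root privileges
%admin          ALL=(ALL) ALL
boss            ALL=NOPASSWD:/home/boss/it/connect_vpn.sh
boss  ALL=NOPASSWD: /etc/init.d/vpnclient_init start, vpnclient connect inside user foo pwd bar
"""

def audit_nopasswd(sudoers_text):
    """Return (line_no, who, path, issue) for each questionable NOPASSWD command."""
    findings = []
    for line_no, raw in enumerate(sudoers_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments (simplified)
        match = SPEC.match(line)
        if not match:
            continue
        who = match.group("who")
        for cmd in match.group("cmds").split(","):
            if not cmd.strip():
                continue
            path = cmd.split()[0]  # command word, without its arguments
            if path == "ALL":
                issue = "every command is allowed without a password"
            elif not path.startswith("/"):
                issue = "command is not an absolute path"
            elif path.startswith(WRITABLE_PREFIXES):
                issue = "target is in a user-writable location"
            else:
                continue
            findings.append((line_no, who, path, issue))
    return findings

if __name__ == "__main__":
    for finding in audit_nopasswd(SAMPLE):
        print("line %d: %s -> %s: %s" % finding)
```

This check complements the syntax check that visudo performs; it does not replace it.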


All times are GMT -5.