LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 10-08-2005, 11:48 AM   #1
kloss
Member
 
Registered: Nov 2004
Location: France & Germany
Distribution: (Pure) Debian Etch & Sid
Posts: 116

Rep: Reputation: 15
[solved] Running a script as root with sudo without entering the user password


Hi
I have a script to start a VPN client. I want a normal user ("boss") to be able to run the script without entering any password. I try to play with NOPASSWD in /etc/sudoers, but it doesn't work. When "boss" runs the scripts, he always has to enter his password.

Here is the script (home/boss/it/connect_vpn.sh) :
Code:
sudo /etc/init.d/vpnclient_init start
sudo vpnclient connect inside user foo pwd bar
Here is /etc/sudoers :
Code:
# Members of the admin group may gain root privileges
%admin          ALL=(ALL) ALL
boss            ALL=NOPASSWD:/home/boss/it/connect_vpn.sh
Here is the output of "uname -a" and "id" for "boss":
Code:
Linux ubuntu 2.6.10-5-386 #1 Fri Sep 23 14:13:55 UTC 2005 i686 GNU/Linux
uid=1000(boss) gid=1000(boss) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(lpadmin),108(scanner),109(admin),1000(boss)
Thanks a lot for your help, i'm looking for a solution for a while without success

++

Last edited by kloss; 10-09-2005 at 03:16 PM.
 
Old 10-08-2005, 12:27 PM   #2
nixcraft
Member
 
Registered: Nov 2004
Location: BIOS
Distribution: RHEL3.0, FreeBSD 5.x, Debian 3.x, Soaris x86 v10
Posts: 379

Rep: Reputation: 30
Try as follows:
Code:
boss            localhost= NOPASSWD:/home/boss/it/connect_vpn.sh
Hope this helps.
 
Old 10-08-2005, 12:38 PM   #3
kloss
Member
 
Registered: Nov 2004
Location: France & Germany
Distribution: (Pure) Debian Etch & Sid
Posts: 116

Original Poster
Rep: Reputation: 15
Unfortunately, it doesn't.

Thanks
 
Old 10-08-2005, 02:57 PM   #4
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 48
How about a different approach: make the file owned by root, and then turn on the setuid bit on the permissions, and give everyone executable permission.
 
Old 10-08-2005, 03:33 PM   #5
kloss
Member
 
Registered: Nov 2004
Location: France & Germany
Distribution: (Pure) Debian Etch & Sid
Posts: 116

Original Poster
Rep: Reputation: 15
Well, I can be wrong, but I think this approach works well with binaries but not with shell scripts. What annoys me is that I'm sure there is a simple trick to do that.
++
 
Old 10-09-2005, 12:37 PM   #6
berbae
Member
 
Registered: Jul 2005
Location: France
Distribution: Arch Linux
Posts: 540

Rep: Reputation: Disabled
In the /etc/sudoers file enter the individual commands of the script instead of the name of the script :
Code:
boss   ALL=NOPASSWD: /etc/init.d/vpnclient_init start, vpnclient connect inside user foo pwd bar
because it is these individual commands that are sudoed not the entire script

Hope this will resolve the problem.
Regards.

Last edited by berbae; 10-09-2005 at 12:38 PM.
 
Old 10-09-2005, 03:15 PM   #7
kloss
Member
 
Registered: Nov 2004
Location: France & Germany
Distribution: (Pure) Debian Etch & Sid
Posts: 116

Original Poster
Rep: Reputation: 15
Yes it works ! Thanks, you rock.

(To be exact, I had to add the full path of the file "vpnclient".)

Btw, visudo is really unconvenient - gedit did the job.

++
 
Old 10-10-2005, 07:24 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
While you can edit sudoers without using visudo, it really isn't that good an idea. The main reason is that visudo checks the syntax of the sudoers file when you quit and alerts you to any borked entries.

That said, I completely agree that vi is quite possibly the worst text editor ever. However, there is a way to use a different text editor within visudo, provided visudo was compiled with the right options.

Before starting visudo, enter the following line:

export EDITOR=pico (or nano or joe or whatever your favorite console text editor is).

If visudo was compiled right, it checks the $EDITOR environment variable and uses that editor and will default to vi if $EDITOR is not set.
 
Old 10-10-2005, 11:39 AM   #9
kloss
Member
 
Registered: Nov 2004
Location: France & Germany
Distribution: (Pure) Debian Etch & Sid
Posts: 116

Original Poster
Rep: Reputation: 15
OK, Thanks for the tip.

++
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
allow sudo for www user to run root shell script cccc *BSD 12 07-23-2005 03:48 PM
root password doesn't work when I use sudo ... bucovaina78 Linux - Security 5 11-10-2004 02:50 PM
How do I put root Password from code in sudo ? rhawi Programming 8 06-18-2004 12:49 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 03:35 AM


All times are GMT -5. The time now is 02:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration