[SOLVED] sudo ask for password if run using script

limgrace · 10-22-2012, 10:22 PM

hi,
i need certain user (example:jerry) to be able to execute chmod as root.
edit/etc/sudoers by adding the line at end of the file

jerry ALL= NOPASSWD: /bin/chmod a+w /dev/st0

login as jerry , execute sudo /bin/chmod a+w /dev/st0 from command line
successfully executed

created a script tesh.sh in jerry acct
#!/bin/bash
sudo /bin/chmod a+w /dev/st0

run the script ./tesh.sh at command line, it prompted for password
after entering passowrd, error prompted
sorry, user jerry is not allowed to execute '/bin/chmod a+w /dev/st0' as root on server1.

problem:
1.it ask for password
2. when password was entered , it prompted that user cannot execute command as root on server1

pls help.

mark_alfred · 10-22-2012, 10:42 PM

You may need to use visudo to edit the sudoers file. Beyond that suggestion, I really don't know how you can solve this issue.

mdlinuxwolf · 10-22-2012, 10:45 PM

I don't think users without passwords on their accounts can use sudo.

Try just doing:

su
Myrootpassword

If root is disabled like in Mint or Ubuntu try:

sudo su
Myuserpassword

In both cases, you'll have a genuine root prompt.

Give that user a strong password!!

limgrace · 10-22-2012, 11:01 PM

tried using visudo. delete the old line and reenter it again.

jerry ALL= NOPASSWD: /bin/chmod a+w /dev/st0

problem still them same.

but if i changed it to jerry ALL=(ALL) NOPASSWD: ALL
it works.

what do i missed out? is there a problem w/ the stmt jerry ALL= NOPASSWD: /bin/chmod a+w /dev/st0 ?
im using redhat6 es

chrism01 · 10-23-2012, 12:09 AM

It would be interesting to know exactly which distro+version this is.
The basic syntax is

Code:

use machine=(runas) NOPASSWD: cmds

http://linux.die.net/man/5/sudoers

It possible your distro has decided to tighten up security by requiring a runas value...
I would definitely have a close read of the man pages on your system.

Habitual · 10-23-2012, 08:49 AM

Quote:

Originally Posted by limgrace

tried using visudo. delete the old line and reenter it again.

Code:

jerry ALL= NOPASSWD: /bin/chmod a+w /dev/st0

I believe jerry will have to be a member of whaterver group

Code:

ls -ld /dev/st0

is designated AND this should be

Code:

jerry ALL= NOPASSWD: /bin/chmod

AFAICT...

any else see that?

Have a Great Day!

limgrace · 10-23-2012, 08:55 PM

its redhat linux ent server 6.2 santiago

limgrace · 10-23-2012, 09:26 PM

if i used the code
jerry ALL= NOPASSWD: /bin/chmod

it works.

rknichols · 10-23-2012, 09:49 PM

Quote:

Originally Posted by limgrace

if i used the code
jerry ALL= NOPASSWD: /bin/chmod

it works.

That does give user "jerry" the ability to run /bin/chmod with any arguments whatsoever and change the permissions on any file or directory in the system, which is probably way more capability than you intended.

limgrace · 10-24-2012, 12:07 AM

this the result of ls -ld /dev/st0
crw-rw-r- 1 root tape 9, 0 Oct 15 12:33 /dev/st0

but if i add a+w /dev/st0 , it doesnt work. how do i go abt it?

rknichols · 10-24-2012, 07:26 AM

I really don't know why that isn't working for you, as that same syntax works fine for me:

Code:

rnichols ALL = NOPASSWD: /bin/chmod a+w /tmp/tfile