LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 10-09-2009, 02:33 PM   #1
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Rep: Reputation: 15
Help with sudoers


I have to execute a script that calls a second script for some report data. The second script can only be executed by root in root's environment. So I need to be able to run 'sudo second_script.sh' as root without being asked for a password. How can I set that up?
 
Old 10-09-2009, 02:38 PM   #2
Chomp
LQ Newbie
 
Registered: Oct 2009
Distribution: PCLinuxOS
Posts: 3

Rep: Reputation: 0
I'm going to assume you're using Ubuntu. Try 'sudo su'. This will permanently make you root so after executing your script make sure you type 'exit' or close the CLI.
 
Old 10-09-2009, 02:45 PM   #3
kapilbajpai88
Member
 
Registered: Jul 2008
Location: Bangalore, India
Distribution: RHEL
Posts: 235

Rep: Reputation: 41
Smile

Hi DrStrangepork,

Usually, running sudo command will ask for password if you are using a normal user. but, if you can tell us the distro you are using then maybe you might get some better replies.
As suggested by Chomp, if you using ubuntu, then you can try 'sudo su' to run your script, and use 'exit' to close the connection for sudo later. I am using RHEL-5 , and every time I use 'sudo' command, I need to provide root password to go ahead.

Cheers,
Kapil.
 
Old 10-09-2009, 03:30 PM   #4
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Original Poster
Rep: Reputation: 15
Here's some more background. I am running Ubuntu (lenny/sid). Basically, this script has to run as nagios, and nagios must then be able to execute 'sudo second_script.sh" without being prompted for a password. Further, I can't (shouldn't) give nagios any more permissions than the minimum necessary to execute this one command. That is what I am trying to setup. I tried running just 'sudo su' as nagios and was prompted for a password (I didn't think that would work). And the user nagios does not have a password in /etc/passwd, so piping one to 'sudo -S' is not going to work either.

And here is part of my /etc/sudoers (I'm trying as little security as possible and working my way backwards):

# User privilege specification
root ALL=(ALL) ALL
nagios ALL=(ALL) ALL

Even with that configuration, running any command as nagios with 'sudo' requires me to enter a password. Running the same command as root does not prompt me for a password.

Last edited by DrStrangepork; 10-09-2009 at 03:33 PM. Reason: additional info
 
Old 10-09-2009, 03:55 PM   #5
Widgeteye
Member
 
Registered: Mar 2005
Posts: 116

Rep: Reputation: 17
This is what I use.

# User privilege specification
root ALL=(ALL) ALL
yourname ALL=(ALL) NOPASSWD: ALL

Then you don't even need the password when using sudo on the command line.

BTW I should get a thanks for this one, I have answered this question twice
in the last 5 minutes.

Last edited by Widgeteye; 10-09-2009 at 03:57 PM.
 
Old 10-09-2009, 04:09 PM   #6
DrStrangepork
LQ Newbie
 
Registered: Aug 2009
Posts: 22

Original Poster
Rep: Reputation: 15
I set up that same configuration, and I still get prompted for a password....

I tried:

nagios ALL=(ALL) NOPASSWD: ALL

and

nagios ALL=NOPASSWD: ALL

and both still require a password. There aren't any services that need to be restarted after changing /etc/sudoers right? Just logout as nagios and log back in?
 
Old 10-09-2009, 07:35 PM   #7
Widgeteye
Member
 
Registered: Mar 2005
Posts: 116

Rep: Reputation: 17
OK, you have to edit the file using "visudo" as root.
type visudo sudoers

then make the changes and save. you have to edit with "visudo"
 
Old 10-13-2009, 08:32 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
I'm going to assume you're using Ubuntu. Try 'sudo su'. This will permanently make you root so after executing your script make sure you type 'exit' or close the CLI.
Quote:
# User privilege specification
root ALL=(ALL) ALL
yourname ALL=(ALL) NOPASSWD: ALL

Then you don't even need the password when using sudo on the command line.
Please note that from a security standpoint, you really don't want to be doing either of these. The whole idea behind sudo is to give root privileges for only those commands necessary for the user to use. My personal opinion is that the *buntus should be flogged for their bastardization of sudo (but that is another rant).

Anyway, the Gentoo documentation may help you figure out the syntax. One thing to note is that the sudoers file enforces the last rule it finds that matches, so if you have a later rule that requires a password, that could force a password here.
 
Old 10-13-2009, 08:53 AM   #9
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by DrStrangepork View Post
I set up that same configuration, and I still get prompted for a password....

I tried:

nagios ALL=(ALL) NOPASSWD: ALL

and

nagios ALL=NOPASSWD: ALL

and both still require a password. There aren't any services that need to be restarted after changing /etc/sudoers right? Just logout as nagios and log back in?
have a command alias set up, and then user priv set up.


Code:
# Cmnd alias specification
Cmnd_Alias BIN = /usr/local/bin

# User privilege specification
nagios  ALL=BIN, NOPASSWD: BIN
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re;sudoers palisetty_suman Linux - Newbie 4 01-28-2009 12:25 AM
sudoers texerasmo Linux - General 3 08-04-2006 10:57 AM
I deleted /etc/sudoers and creates a new file call sudoers but now it doesnt for visu abefroman Linux - Software 1 11-10-2005 06:03 PM
Regarding SUDOERS hinetvenkat Linux - Networking 1 09-02-2005 02:47 PM
sudoers???? yenonn Slackware 6 02-10-2004 04:09 AM


All times are GMT -5. The time now is 09:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration