LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Run command as root (https://www.linuxquestions.org/questions/linux-newbie-8/run-command-as-root-4175413507/)

hesisaboury 06-26-2012 01:50 PM
Run command as root
 
Hello,
i want to allow a user execute some commands as root but i dont want user have root password...
for example a batch script that it's commands require root privilege....

any suggestion..

mjmohebbi 06-26-2012 02:05 PM
User can run commands, under the /usr/local/bin directory


You must put these commands under this directory. :-)

Didier Spaier 06-26-2012 02:07 PM
It is exactly the purpose of the 'sudo' command, see 'man sudo'.

John VV 06-26-2012 06:34 PM
as Didier Spaier stated use " sudo"

however NOT all Linux operating systems have sudo set up
redhat and that family ( rhel,cent,sl,fedora,clear,...) do NOT have sudo set up
and in some cases not even installed

so depending on just what os you are using , it might need to be installed or at least configured

hesisaboury 06-26-2012 11:28 PM
Thank u all,
i used sudo but still want password for running command.

any suggestion..

John VV 06-26-2012 11:41 PM
yes the NORMAL users password
as is set up in the sudoers file
but without knowing what os this is
i have no way of knowing if that file is set up or not

blue_print 06-26-2012 11:56 PM
If you want a normal user to execute some commands as root without root password, you will need to edit /etc/sudoers file

use visudo command

For example: If the user stest wants to execute '/sbin/fdisk' and '/sbin/parted', they entry will be like this,

Code:
stest          ALL= NOPASSWD: /sbin/fdisk, /sbin/parted
Make sure, you're putting sudo before executing the commands that the users would need to execute.

hesisaboury 06-27-2012 06:16 AM
another problem is after adding "stest ALL= NOPASSWD: /sbin/iptables" ,,, the user will have full access to iptables . this is real problem for me.

TobiSGD 06-27-2012 06:21 AM
If you don't trust your user enough to give him access to that program then don't give him access to that program. Trust is one of the basic principles of security. In this case you may be have to ask your boss to let a different user make this job.

frieza 06-27-2012 12:18 PM
frankly allowing ANY command to be run as root without challenging for a password is a horribly bad idea, especially in a workplace environment, you will probably get away with doing that on a home computer, but not so much in an office type environment.

it's not just the integrity of said user that you must be able to trust then, but the integrity of that user's account, as well as the vigilance of said user to not walk away from his computer with a logged in, unlocked session as anyone who gains access to that account can gain access to said commands, and could perhaps exploit vulnerabilities in said program to gain more access.

trust me, you WANT the user to be challenged for a password and anyone who can't be bothered to enter a password to perform administrative tasks shouldn't be doing the job.. period.

though i can see not giving carte blanch access to root, which is as mentioned by previous users what sudo is for.


All times are GMT -5. The time now is 12:41 PM.