Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have two scripts I added to a shell script. I can manually run the scripts from the prompt line and the process works. But, I get prompted for a password.
When I execute the code in the shell script I get the following error messages:
cleanwork is not found saswork file does not exist
cleanwork is a program and not a directory. When cleanwork is executed it kills orphanes in the sasworks directory. To run cleanworks program the sudo command is used.
file /sasem/sas92/sashome/sasfoundation/9.2/utilities/bin/cleanwork
file /sasem/sas94/sashome/sasfoundation/9.4/utilities/bin/cleanwork
ls -l /sasem/sas92/sashome/sasfoundation/9.2/utilities/bin/cleanwork
ls -l /sasem/sas94/sashome/sasfoundation/9.4/utilities/bin/cleanwork
Global NOPASSWD is a horrible idea, defeats the purpose. But setting it for a single script, nothing wrong with that. It's how I have my laptop and server keep themselves updated.
Last edited by jmgibson1981; 09-26-2015 at 05:56 PM.
Global NOPASSWD is a horrible idea, defeats the purpose. But setting it for a single script, nothing wrong with that. It's how I have my laptop and server keep themselves updated.
How do I set NOPASSW in my script?
Code:
!#/bin/bash
sasadm ALL = NOPASSWD: ALL
echo cleanwork='/usr/bin/sudo /sasem/sas92/sashome/sasfoundation/9.2/utilities/bin/cleanwork /sasworks'
echo cleanwork94='/usr/bin/sudo /sasem/sas94/sashome/sasfoundation/9.4/utilities/bin/cleanwork /sasworks'
./$cleanwork
./$cleanwork94
I have this in a file under my /etc/sudoers.d directory. can name it anything you want but you must get the syntax perfect or you can lock yourself out of sudo. at that point you need to boot a live disk and remove or fix the offending line. This allows that script and ONLY that script to run as sudo without a password. If you have the time to work on it, I highly suggest you make a VirtualBox of a basic command line Ubuntu server or something to test and play with this before you do it on something in production. Like I said, if you have the smallest typo, you are locked out of sudo.
You have been warned
Last edited by jmgibson1981; 09-26-2015 at 08:11 PM.
As pointed out above, you can't add access in a bash script; it has to be done in the /etc/sudoers file (use visudo - this will check your syntax), or create a properly formatted(!!) sudoers type file in the /etc/sudoers.d dir.
Global NOPASSWD is a horrible idea, defeats the purpose. But setting it for a single script, nothing wrong with that. It's how I have my laptop and server keep themselves updated.
If the user has write permission to that script or the directory it lives in, it makes no difference. The script can just be modified or replaced with anything. Might as well set a global NOPASSWD, it's the same thing. That's why it's such a bad idea to use it at all, SO EASY to bypass.
If you want to run something as root automatically on a schedule, then just do it the right way. Enable the root account, give it a strong password, and run whatever root commands you need in root's cron. NOPASSWD sudo is a terrible workaround.
Last edited by suicidaleggroll; 09-27-2015 at 10:23 PM.
The same "admin" who can execute that script as root via sudo without a password, or is this some other user? What about the directory containing that script, or the directory containing that directory?
What if what if what if. My family is my wife and myself. It may not be perfect for the Enterprise but that is none of my concern. For home use it is a perfectly acceptable solution. Anybody could "what if" until they are blue in the face. What if a plane falls on your house and kills you? How far does it go?
For what it's worth though, I keep my system scripts in a secure folder where no one can write to them except me. They can read them just fine, and execute if I give them the ability, but no one can write to my system scripts directory. There are probably better ways to do it but it works for me. I never claimed nor am I trying to execute and learn "best practices". I just do what works, quick and dirty sometimes.
*EDIT* In the end it turns out it is pointless anyway as simply doing
Code:
sudo crontab -e
does the job. So we learned something. No need to activate root.
Last edited by jmgibson1981; 09-28-2015 at 03:50 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
