LinuxQuestions.org

apss_evaluator 11-11-2014 02:32 AM

visudo entry in one script
 
Hi Linux Gurus,

I'm just wondering if creating an entry in /etc/sudoers using "visudo" is possible in one script?

It just happened that I messed up /etc/sudoers using cat >> /etc/sudoers and forgot to place "#" in the comment line.

Here is what I intended to insert into /etc/sudoers:

Code:

if ! grep -Fqi '# pogi is enabled' /etc/sudoers; then
  echo "# pogi is enabled" >> /etc/sudoers;
  echo "pogi ALL=(ALL) NOPASSWD:/opt/papa/bin/restart_pogi.sh" >> /etc/sudoers;
  echo "# oat entry ends" >> /etc/sudoers;
else
  exit
fi



I just saw that visudo validates /etc/sudoers to check whether an entry is invalid or could cause corruption. Can you post an example alternative for updating sudoers using the visudo command?

evo2 11-11-2014 02:41 AM

Hi,

You could make your script edit a copy of /etc/sudoers, then use visudo to validate it before copying it to /etc/sudoers. E.g. something like:
Code:

tmp=$(mktemp) || exit 1  # private temp file; a fixed name in /tmp could be pre-created by another user
cp /etc/sudoers "$tmp"
autoeditvisudo.sh "$tmp" # This is your command/script that edits the file
if visudo --check -f "$tmp" ; then  # install only if the copy passes the syntax check
  cp /etc/sudoers /etc/sudoers.back
  cp "$tmp" /etc/sudoers
fi
rm -f "$tmp"

See the visudo man page for more information.

Evo2.
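
The copy, validate, then install sequence from the reply above, applied to the entry in the question, as an added example that is not part of the original thread. The function name `add_sudoers_block` and the `SUDOERS` and `VISUDO` variables are assumptions; `VISUDO` can be overridden only so the logic can be tried against a scratch file instead of the live one.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: add_sudoers_block,
# SUDOERS, VISUDO (overridable so the function can be tried on a scratch file).
SUDOERS=${SUDOERS:-/etc/sudoers}
VISUDO=${VISUDO:-visudo}

MARKER='# pogi is enabled'
ENTRY='pogi ALL=(ALL) NOPASSWD:/opt/papa/bin/restart_pogi.sh'

# Returns 0 if the entry is present afterwards, 1 if the candidate file
# failed validation, 2 on an I/O error. The live file is replaced only
# after the syntax check has passed.
add_sudoers_block() {
    # Idempotent: nothing to do if the marker comment is already there.
    if grep -Fqx "$MARKER" "$SUDOERS"; then
        return 0
    fi

    # Private candidate file in the same directory as the target, so the
    # final mv is an atomic rename and no other user can write to it.
    tmp=$(mktemp "${SUDOERS}.XXXXXX") || return 2
    cp "$SUDOERS" "$tmp" || { rm -f "$tmp"; return 2; }
    printf '%s\n%s\n' "$MARKER" "$ENTRY" >>"$tmp"

    # visudo -c -f parses the candidate without installing it.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1
    fi

    # Keep a backup, restore the usual 0440 mode, then swap the file in.
    cp -p "$SUDOERS" "${SUDOERS}.back" || { rm -f "$tmp"; return 2; }
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 2; }
    mv -f "$tmp" "$SUDOERS" || { rm -f "$tmp"; return 2; }
}
```

Source the file in a script that runs as root and call `add_sudoers_block`; a non-zero return means /etc/sudoers was left as it was.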

apss_evaluator 11-11-2014 02:43 AM

That was a fast response! I'll try this now. Thanks Evo2!

SAbhi 11-11-2014 02:49 AM

You can't directly edit the sudoers file with cat >> /etc/sudoers or echo "blah blah" >> /etc/sudoers, not even with sudo permissions, because the redirection is carried out by the shell and by then the permissions will be dropped.

However, if you are doing this with a script, you can run:
Code:

echo "blah blah" >> /etc/sudoers    # put this line in <scriptname.sh>
sudo <scriptname.sh>                # and run the script with sudo

EDIT:

evo2's method is better:

Code:

# validate the temp file, then you can replace the original with it
visudo -c -f /etc/sudoers.temp

