Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-26-2012, 01:50 PM
|
#1
|
Member
Registered: Dec 2010
Location: iran
Posts: 199
Rep:
|
Run command as root
Hello,
i want to allow a user execute some commands as root but i dont want user have root password...
for example a batch script that it's commands require root privilege....
any suggestion..
|
|
|
06-26-2012, 02:05 PM
|
#2
|
LQ Newbie
Registered: Jun 2012
Location: Tehran ,Iran
Posts: 7
Rep:
|
User can run commands, under the /usr/local/bin directory
You must put these commands under this directory. :-)
|
|
|
06-26-2012, 02:07 PM
|
#3
|
LQ Addict
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,179
Rep:
|
It is exactly the purpose of the 'sudo' command, see 'man sudo'.
|
|
|
06-26-2012, 06:34 PM
|
#4
|
LQ Muse
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,639
|
as Didier Spaier stated use " sudo"
however NOT all Linux operating systems have sudo set up
redhat and that family ( rhel,cent,sl,fedora,clear,...) do NOT have sudo set up
and in some cases not even installed
so depending on just what os you are using , it might need to be installed or at least configured
|
|
|
06-26-2012, 11:28 PM
|
#5
|
Member
Registered: Dec 2010
Location: iran
Posts: 199
Original Poster
Rep:
|
Thank u all,
i used sudo but still want password for running command.
any suggestion..
|
|
|
06-26-2012, 11:41 PM
|
#6
|
LQ Muse
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,639
|
yes the NORMAL users password
as is set up in the sudoers file
but without knowing what os this is
i have no way of knowing if that file is set up or not
|
|
|
06-26-2012, 11:56 PM
|
#7
|
Member
Registered: May 2010
Location: In world
Distribution: RHEL, CentOS, Ubuntu
Posts: 275
Rep:
|
If you want a normal user to execute some commands as root without root password, you will need to edit /etc/sudoers file
use visudo command
For example: If the user stest wants to execute '/sbin/fdisk' and '/sbin/parted', they entry will be like this,
Code:
stest ALL= NOPASSWD: /sbin/fdisk, /sbin/parted
Make sure, you're putting sudo before executing the commands that the users would need to execute.
|
|
|
06-27-2012, 06:16 AM
|
#8
|
Member
Registered: Dec 2010
Location: iran
Posts: 199
Original Poster
Rep:
|
another problem is after adding "stest ALL= NOPASSWD: /sbin/iptables" ,,, the user will have full access to iptables . this is real problem for me.
|
|
|
06-27-2012, 06:21 AM
|
#9
|
Moderator
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
|
If you don't trust your user enough to give him access to that program then don't give him access to that program. Trust is one of the basic principles of security. In this case you may be have to ask your boss to let a different user make this job.
|
|
|
06-27-2012, 12:18 PM
|
#10
|
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
|
frankly allowing ANY command to be run as root without challenging for a password is a horribly bad idea, especially in a workplace environment, you will probably get away with doing that on a home computer, but not so much in an office type environment.
it's not just the integrity of said user that you must be able to trust then, but the integrity of that user's account, as well as the vigilance of said user to not walk away from his computer with a logged in, unlocked session as anyone who gains access to that account can gain access to said commands, and could perhaps exploit vulnerabilities in said program to gain more access.
trust me, you WANT the user to be challenged for a password and anyone who can't be bothered to enter a password to perform administrative tasks shouldn't be doing the job.. period.
though i can see not giving carte blanch access to root, which is as mentioned by previous users what sudo is for.
|
|
|
All times are GMT -5. The time now is 01:53 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|