Run command as root

hesisaboury · 06-26-2012, 01:50 PM

Hello,
i want to allow a user execute some commands as root but i dont want user have root password...
for example a batch script that it's commands require root privilege....

any suggestion..

mjmohebbi · 06-26-2012, 02:05 PM

User can run commands, under the /usr/local/bin directory

You must put these commands under this directory. :-)

Didier Spaier · 06-26-2012, 02:07 PM

It is exactly the purpose of the 'sudo' command, see 'man sudo'.

John VV · 06-26-2012, 06:34 PM

as Didier Spaier stated use " sudo"

however NOT all Linux operating systems have sudo set up
redhat and that family ( rhel,cent,sl,fedora,clear,...) do NOT have sudo set up
and in some cases not even installed

so depending on just what os you are using , it might need to be installed or at least configured

hesisaboury · 06-26-2012, 11:28 PM

Thank u all,
i used sudo but still want password for running command.

any suggestion..

John VV · 06-26-2012, 11:41 PM

yes the NORMAL users password
as is set up in the sudoers file
but without knowing what os this is
i have no way of knowing if that file is set up or not

blue_print · 06-26-2012, 11:56 PM

If you want a normal user to execute some commands as root without root password, you will need to edit /etc/sudoers file

use visudo command

For example: If the user stest wants to execute '/sbin/fdisk' and '/sbin/parted', they entry will be like this,

Code:

stest           ALL= NOPASSWD: /sbin/fdisk, /sbin/parted

Make sure, you're putting sudo before executing the commands that the users would need to execute.

hesisaboury · 06-27-2012, 06:16 AM

another problem is after adding "stest ALL= NOPASSWD: /sbin/iptables" ,,, the user will have full access to iptables . this is real problem for me.

TobiSGD · 06-27-2012, 06:21 AM

If you don't trust your user enough to give him access to that program then don't give him access to that program. Trust is one of the basic principles of security. In this case you may be have to ask your boss to let a different user make this job.

frieza · 06-27-2012, 12:18 PM

frankly allowing ANY command to be run as root without challenging for a password is a horribly bad idea, especially in a workplace environment, you will probably get away with doing that on a home computer, but not so much in an office type environment.

it's not just the integrity of said user that you must be able to trust then, but the integrity of that user's account, as well as the vigilance of said user to not walk away from his computer with a logged in, unlocked session as anyone who gains access to that account can gain access to said commands, and could perhaps exploit vulnerabilities in said program to gain more access.

trust me, you WANT the user to be challenged for a password and anyone who can't be bothered to enter a password to perform administrative tasks shouldn't be doing the job.. period.

though i can see not giving carte blanch access to root, which is as mentioned by previous users what sudo is for.