Add NOPASSWD in /etc/sudoers to only some specific commands
Are there any risks for letting the beyond commands to be used with no password?
It is a home computer, with no other users using it, I only use the single default created user when Ubuntu was installed. I would like to don't have to write at all the sudo password for these commands: Code:
echo 100 > /sys/class/backlight/intel_backlight/brightness |
Quote:
|
Thank you Laserbeak,
Some recommendations how to do it from scratch please? If it is not possible or it is a big risk(like having the password stored somewhere in plain text) to never write the password for every each command, maybe at least it is possible to write it only one after boot. Without to have to write it again until the next reboot, or after system sleeps or hibernates for example. Regards. |
Quote:
As root you'd create a file containing: Code:
#!/bin/bash Code:
chmod 4755 /usr/local/bin/bright Make sure /usr/local/bin is in your PATH environment variable. |
Code:
## Same thing without a password Code:
## Same thing without a password |
Quote:
|
Quote:
|
Sudo: you're doing it wrong - PDF @ 171 pages.
Sudo: you're doing it wrong - YouTubeVid @ 1h:11m Get Some! |
Quote:
|
Quote:
For example (totally untested since I don't have Linux, I have Mac OS X): Code:
#include <unistd.h> Piping something would be more complicated: Code:
#include <stdio.h> I have no way to really test these, since I don't have your system. |
Quote:
See the links that Habitual posted for good guidance on getting up to speed with sudo and of course the manual page for sudoers. You'll have to set the exact paths inside sudoers. Here the permissions would apply to the group xpdin: Code:
%xpdin ALL=(root:root) NOPASSWD: /usr/bin/tee /sys/class/backlight/intel_backlight/brightness Code:
echo 100 | sudo tee /sys/class/backlight/intel_backlight/brightness |
Quote:
|
if it is just one user as he stated he could also uses alias in the bashrc
give himself no passwd in sudoers then (example) Code:
alias updateMe="sudo xbps-install -Suy" |
You could also do it in Perl, it definitely allows suid scripts and is usually easier than C.
|
Thank you very much to all for your replies.
Can someone say please, are there any disadvantages or advantages between the next method and the methods from the above posts? Code:
sudo su Code:
/usr/local/bin/scriptname Code:
#!/bin/bash Create Code:
/etc/sudoers.d/scriptname Code:
User_Alias scriptname=username Add at the end of Code:
/etc/sudoers Code:
Code:
chown root:root /etc/sudoers.d/scriptname Code:
sudo /usr/local/bin/scriptname Everywhere when it is written "scriptname", "usernme", "scriptabreviaton" every each of them should be the same. |
I've moved around some of your reply to make it easier to answer.
Quote:
Quote:
Instead of changing both configuration files, I'd put the following in /etc/sudoers.d/scriptname and leave /etc/sudoers alone. Code:
username ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/scriptname |
All times are GMT -5. The time now is 02:55 PM. |