If the target user's login shell is not /bin/bash then adjust the above line accordingly. As a result, non-root users can enter such commands without logging in to the root user account. user1 ALL=(user2) NOPASSWD: /bin/bash -c /usr/local/bin/script.sh Managing sudo access System administrators can grant sudo access to allow non-root users to execute administrative commands that are normally reserved for the root user. Therefore you must not include -l in sudoers. sudo sets $0 to -bash and the leading dash is what makes this bash a login shell. Note there is no -l that would force a login shell. Sudo without Password echo sudo tee /etc/sudoers.d/oz-user sudo sed -i s/Defaults requiretty/Defaults requiretty/ /etc/sudoers sudo sed -i s/. This is the command you want to allow with NOPASSWD in sudoers file. ![]() Open /etc/sudoers.d/custom and write the following: user-a ALL (user-b:user-b) NOPASSWD:ALL Which means: whenever user-a executes sudo -u user-b (or any other variant), let him go without asking for password. You tried to do: sudo -i -u user2 /usr/local/bin/script.shĪssuming the target user's shell is bash, the command that your sudo run was like: /bin/bash -c /usr/local/bin/script.sh 1 Answer Sorted by: 11 su is not meant to do that - sudo is. If no command is specified, an interactive shell is executed. The command and any arguments are concatenated, separated by spaces, after escaping each character (including white space) with a backslash ( \) except for alphanumerics, underscores, hyphens, and dollar signs. If a command is specified, it is passed to the shell as a simple command using the -c option. This means that login-specific resource files such as. Run the shell specified by the target user's password database entry as a login shell. #includedir ls like setting the target user's ENV variables in the script itself is the only option but updating script is my last option, hence looking for a better/alt solution. User1 ALL=(user2) NOPASSWD: /usr/local/bin/script.sh My setup: egrep "^|^#include" /etc/sudoersĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" So my query is how could I run sudo -i without password prompt. linux - How to allow a normal user to kill a certain root application in visudo with no password - Stack Overflow I wanna allow a normal user to kill a certain application which is started by root user. The problem is that it prompts for password which is a problem for automation. Now try to execute a few commands and see. Run Specific Sudo Commands Without Password. Replace rubaiat with your username to stop Linux from asking the sudo password ever again. alice ALL (ALL) NOPASSWD: /bin/systemctl start mariadb. Once you've opened the sudoers list, go to the bottom of the file and add the following line. Then I tried below - sudo -i -u user2 /usr/local/bin/script.shīut it asks for the password, if I type in the password then the script runs just fine. To allow user Alice to execute a single specific sudo command without entering a password, you need to use the following line to the sudoers file. I saw as the only solution to put sudo INSIDE script.sh. It runs but a part of actual execution fails becoz of user2 's environment is NOT set. Use sudo without password INSIDE a script Ask Question Asked 8 years, 9 months ago Modified 2 months ago Viewed 122k times 54 For some reason I need, as user, to run without sudo a script script.sh which needs root privileges to work. Edit the /etc/sudoers file on CentOS: sudo visudo Run /usr/sbin/rebootcommand without password on CentOS: marlena ALL NOPASSWD: /usr/bin/reboot Save and exit the file. To allow a user ( aaronkilik in the example below) to run all commands using sudo without a password, open the sudoers file: $ sudo visudoĪnd add the following line: aaronkilik ALL=(ALL) NOPASSWD: ALLįor the case of a group, use the % character before the group name as follows this means that all member of the sys group will run all commands using sudo without a password.Codename: user1 and need to run a script as user2 and there must NOT be any password prompt.Īdded below line to sudoers (using visudo of course) user1 ALL=(user2) NOPASSWD: /usr/local/bin/script.shĪnd then I ran the below command as user1 sudo -u user2 /usr/local/bin/script.sh command_list – list of commands or a command alias to be run by user(s) using sudo. ![]() Use this FREE security cheatsheet to not.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |