I need to run a command as "some_user" without being asked for the password, so I type:
$ sudo visudo
Adding this line does work:
some_user ALL=NOPASSWD: ALL
But adding this line (with only the specific command "whitelisted") does not work:
some_user ALL=NOPASSWD: /etc/init.d/"some_service start"
$ sudo /etc/init.d/"some_service start"
...will still ask for the password.
What am I doing wrong?
EDIT: Corrected (but this still asks for password)
some_user ALL=NOPASSWD: /etc/init.d/"some_service start"
$ sudo /etc/init.d/some_service start
The problem is with the quotes, both on the command line and in the sudoers file. The quotes make sudo and the shell think that there should be a file in /etc/init.d named "some_service start", rather than seeing start as an argument to /etc/init.d/some_service.
Related
I have incron setup and working, i can see things being logged when files are changed.
I've tried my rsync command separately and that works fine. But when rsync in triggered by incron, nothing happens. i explicitly stated all the paths i could see.
here is my incrontab -e
/home/dir/dir/ IN_MODIFY sudo rsync -pogr -e 'ssh -i /root/.ssh/rsasync1' /home/dir/dir/* root#ipaddress:/home/dir/dir/
i'm working as root right now and executing the command as root. also tried /usr/bin/rsync and that didn't work in addition to sudo rsync etc...
thanks!
Try this in incrontab:
/home/dir/dir/ IN_MODIFY sudo rsync -pogr -e ssh -i /root/.ssh/rsasync1 /home/dir/dir/* root#ipaddress:/home/dir/dir/
In above command I have removed the quotes. Incrontab can not run with Single quote OR double quote.
Remember: Pleas keep the quote while executing in terminal.
My sudoers file is seemingly ignored. I appended these two lines via vim (sudo visudo):
theonlygusti ALL=(ALL) NOPASSWD: /usr/sbin/networksetup -setsocksfirewallproxy
theonlygusti ALL=(ALL) NOPASSWD: /usr/sbin/networksetup -setsocksfirewallproxystate
but when I run either command I am prompted to type a password:
$ sudo -n networksetup -setsocksfirewallproxy "Wi-Fi" localhost 3000
sudo: a password is required
The sudoers file only looks for exactly the command you give it. You are trying to run it with extra parameters that are not defined in the sudoers file; That is why you are getting prompted for a password.
Try something like this:
theonlygusti ALL = NOPASSWD : /usr/sbin/networksetup -setsocksfirewallproxy *, /usr/sbin/networksetup -setsocksfirewallproxystate *
I would like to automate a build - for now, during my development, so no security stuff involved.
I have created a script that moves libs to /usr/local/lib and issues ldd command.
These things require sudo.
Running the script from the builder (Qt Creator), I am not prompted to enter my sudo password, and I get the error
sudo: no tty present and no askpass program specified
Sorry, try again.
I have found a few solutions to this but it just did not work... what am I missing ?
Exact code:
in myLib.pro
#temporary to make my life easier
QMAKE_POST_LINK = /home/me/move_libs_script
in move_libs_script:
#!/bin/bash
sudo cp $HOME/myLib/myLib.so.1 /usr/local/lib/
sudo ldconfig
I did as suggested by the answer above: edited visudo and added the script... even added qmake...
sudo visudo
added at the end:
me ALL=NOPASSWD: /home/me/move_libs_script, /usr/bin/qmake-qt4
It saved file: /etc/sudoers.tmp (and doing the command sudo visudo again I saw that my changes were kept so I am not sure what is with the tmp)
Still same errors
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts
Edit: after asking the question I found a suggested similar question:
https://stackoverflow.com/a/10668693/1217150
So I tried to add a custom step...
Result:
09:50:03: Running build steps for project myLib...
09:50:03: Could not start process "ssh-askpass Sudo Password | sudo -S bash ./move_libs_script"
Error while building project myLib (target: Desktop)
When executing build step 'Custom Process Step'
(if I run from terminal I get asked for password)
New edit: so I thought I can outsmart the system and call a script that calls my script...
myLib.pro
QMAKE_POST_LINK = /home/me/sudo_move_libs_script
sudo_move_libs_script:
#!/bin/bash
ssh-askpass Sudo Password | sudo -S bash $HOME/move_libs_script
got it !!! I will post as answer i guess
New edit as answer to comment:
in mainExe.pro:
QMAKE_POST_LINK = ./link_lib
in link_lib:
#!/bin/sh
LD_LIBRARY_PATH=$HOME/myLib
export LD_LIBRARY_PATH
Result: Executable fails because the lib is not to be found (of course before testing I emoved the copy from /usr/local/lib)
Solution 1:
To run the command I needed with sudo from Qt, and be asked for password
myLib.pro
QMAKE_POST_LINK = /home/me/sudo_move_libs_script
sudo_move_libs_script:
#!/bin/bash
ssh-askpass Sudo Password | sudo -S bash $HOME/move_libs_script
move_libs_script:
#!/bin/bash
cp $HOME/myLib/myLib.so.1 /usr/local/lib/
ldconfig
Solution 2
Avoid using sudo: run a custom executable from Qt Creator (just like I would when project is deployed) - I can execute my program with correct dependency. Unfortunately it does not work for debug.
In the Run Configuration, place a script "dummy_executable" instead the app executable:
dummy_executable:
#!/bin/sh
LD_LIBRARY_PATH=$HOME/myLib
export LD_LIBRARY_PATH
$HOME/myExec/myExec "$#
This method is great for running the program ... unfortunately gdb fails... I think it tries to debug the shell script ? So it won't work if I try to step through my program.
Choosing Solution 1, because it has advantages: allows me to build and debug the program, which is what I really need, and with the dependencies set I get the library built before running the program - which is perfect.
Thank you Etan Reisner
I want to write a shell script to automate a series of commands. The problem is some commands MUST be run as superuser and some commands MUST NOT be run as superuser. What I have done so far is something like this:
#!/bin/bash
command1
sudo command2
command3
sudo command4
The problem is, this means somebody has to wait until command1 finishes before they are prompted for a password, then, if command3 takes long enough, they will then have to wait for command3 to finish. It would be nice if the person could get up and walk away, then come back an hour later and be done. For example, the following script has this problem:
#!/bin/bash
sleep 310
sudo echo "Hi, I'm root"
sleep 310
sudo echo "I'm still root?"
How can I make it so that the user can just enter their password once, at the very start, and then walk away?
Update:
Thanks for the responses. I'm running on Mac OS X Lion and ran Stephen P's script and got different results: (I also added $HOME)
pair#abbey scratch$ ./test2.sh
uid is 501
user is pair
username is
home directory is /Users/pair
pair#abbey scratch$ sudo ./test2.sh
Password:
uid is 0
user is root
username is root
home directory is /Users/pair
File sutest
#!/bin/bash
echo "uid is ${UID}"
echo "user is ${USER}"
echo "username is ${USERNAME}"
run it: `./sutest' gives me
uid is 500
user is stephenp
username is stephenp
but using sudo: sudo ./sutest gives
uid is 0
user is root
username is stephenp
So you retain the original user name in $USERNAME when running as sudo. This leads to a solution similar to what others posted:
#!/bin/bash
sudo -u ${USERNAME} normal_command_1
root_command_1
root_command_2
sudo -u ${USERNAME} normal_command_2
# etc.
Just sudo to invoke your script in the first place, it will prompt for the password once.
I originally wrote this answer on Linux, which does have some differences with OS X
OS X (I'm testing this on Mountain Lion 10.8.3) has an environment variable SUDO_USER when you're running sudo, which can be used in place of USERNAME above, or to be more cross-platform the script could check to see if SUDO_USER is set and use it if so, or use USERNAME if that's set.
Changing the original script for OS X, it becomes...
#!/bin/bash
sudo -u ${SUDO_USER} normal_command_1
root_command_1
root_command_2
sudo -u ${SUDO_USER} normal_command_2
# etc.
A first stab at making it cross-platform could be...
#!/bin/bash
#
# set "THE_USER" to SUDO_USER if that's set,
# else set it to USERNAME if THAT is set,
# else set it to the string "unknown"
# should probably then test to see if it's "unknown"
#
THE_USER=${SUDO_USER:-${USERNAME:-unknown}}
sudo -u ${THE_USER} normal_command_1
root_command_1
root_command_2
sudo -u ${THE_USER} normal_command_2
# etc.
You should run your entire script as superuser. If you want to run some command as non-superuser, use "-u" option of sudo:
#!/bin/bash
sudo -u username command1
command2
sudo -u username command3
command4
When running as root, sudo doesn't ask for a password.
If you use this, check man sudo too:
#!/bin/bash
sudo echo "Hi, I'm root"
sudo -u nobody echo "I'm nobody"
sudo -u 1000 touch /test_user
Well, you have some options.
You could configure sudo to not prompt for a password. This is not recommended, due to the security risks.
You could write an expect script to read the password and supply it to sudo when required, but that's clunky and fragile.
I would recommend designing the script to run as root and drop its privileges whenever they're not needed. Simply have it sudo -u someotheruser command for the commands that don't require root.
(If they have to run specifically as the user invoking the script, then you could have the script save the uid and invoke a second script via sudo with the id as an argument, so it knows who to su to..)
I need to run node on my Ubuntu machine with sudo access. The directory of node is in the sudo path but when trying to run it i get a command not found. I can explicitly call node which does work.
//works
node
>
which node
/root/local/node/bin/node
echo sudo $PATH
sudo /root/local/node/bin:/usr/bin/node:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
sudo node --version
sudo: node: command not found
//explicitly calling it works
sudo node /root/local/node/bin
>
Um, I don't think there's such a thing as a "sudo path" - your second command there is just echoing "sudo" followed by your regular path. In any case, if you're running things with sudo you really, really should not depend on a path - you should give the explicit pathname for every command and file argument whenever possible, to minimize security risks. If sudo doesn't want to run something, you need to use visudo to add it to /etc/sudoers.