Execute root command with no root user avoiding password prompt - linux

I have a script.sh file executing the following command:
chown -R apache:apache /var/www/html/my/data
If i try to execute with a non-root user (username = marco), the prompt password halts the script waiting for the input.
I'm trying to configure the /etc/sudoers file adding the following lines, but with none of them works and I'm always prompted for sudo password:
marco ALL=(ALL:ALL) NOPASSWD:/my/directory/structure/script.sh
marco ALL=(ALL) ALL
Any clue?
Thank you.

If you only need root permission to run chown, then there is no need to give the whole script root permissions. Place in the script:
sudo chown -R apache:apache /var/www/html/my/data
And, using sudoedit, add the line:
marco ALL=(ALL:ALL) NOPASSWD:chown -R apache:apache /var/www/html/my/data

Related

How to add sudo user on solaris?

I am using Solaris 11 , I have added user to sudo user file ( /etc/sudoers) , still its prompting for password.
arcsys#solaris:~$ sudo -l
User arcsys may run the following commands on solaris:
(ALL) NOPASSWD: /usr/bin/cat
(ALL) ALL
arcsys#solaris:~$ sudo cat /etc/sudoers
Password:
I am not able to understand that what is wrong here?
Any help is appreciated.
The command you need to execute is:
sudo /usr/bin/cat /etc/sudoers
sudo is strict when you have configured the full path to the program(s)
As root, run:
visudo
and check to make sure your username is added
root ALL=(ALL:ALL) ALL
arcsys ALL=(ALL:ALL) ALL
Save, and quit, then run:
sudo "command"
The system will prompt you for YOUR password. If you have the proper access, it will run. If not, you will need to run visudo either as root, or by running sudo visudo.

how to run a shell script as different user without promting password

I have a shell script moveInvoice.sh with chmod 777 permission as user test1 and all other scripts are under user test2.
Now I need to call moveInvoice.sh from test2 I tried following
sudo -c
sudo -u
But all are giving permission denied. Is there any other way to make it run with test2 user ?
once manually I am able to execute then I need to put this in crontab
You can set up a user on Linux to be able to run sudo without a password by adding a NOPASSWD option in visudo.
run sudo visudo as root and then add your user under privilege specification as SOMEUSER ALL=(ALL) NOPASSWD: ALL.
now, SOMEUSER will be able to run sudo commands without a password.

Not able to create a directory using sudo -u username mkdir /var/log/test

I am unable to create a directory using sudo priveleges from root user and If I login to user , I can create an directory under /root using sudo. Also I have added to allow all commands in /etc/sudoers file and the details are below:
[root#linux home]# cat /etc/sudoers | grep tes
test ALL= NOPASSWD: ALL
Error
[root#linux home]# sudo -u test mkdir /var/log/test3
mkdir: cannot create directory ‘/var/log/test3’: Permission denied
Any Ideas ?
Thanks
By running 'sudo -u test', you're giving yourself lower privileges than the roor user because you're running the command as the user 'test', not 'root'. From the root user, you can just run:
mkdir /var/log/test3
Read man sudo for more info.
Or:
Run visudo and uncomment the wheel group, then add the user test to the wheel group.
If you don't mind me asking, why do you need to create a directory as a certain user from the root user? Especially since the directory you're making will not be user specific?
Also, in the sudoers file , you should what added test ALL=(ALL) NOPASSWD: ALL, not test ALL= NOPASSWD: ALL

sudoers NOPASSWD: sudo: no tty present and no askpass program specified

I have added a user like this:
$ adduser --system --home /no/home --no-create-home --group --disabled-password --disabled-login testuser
Added a user to a group:
$ adduser testuser testgroup
added lines to sudoers (visudo):
testuser ALL=(ALL) NOPASSWD: ALL
%testgroup ALL=(ALL:ALL) NOPASSWD: ALL
When I try to run the bash script with the following content:
#!/bin/sh
sudo -u testuser /usr/bin/php /usr/local/bin/script.php
But when I run this script, I get the error in the log:
sudo: no tty present and no askpass program specified
Edit: requiretty is not in the sudoers file.
sudo permissions are about the user/group you are changing from not the user you are changing to.
So are those permission lines are letting the testuser user and the testgroup group run any command (as anyone) without a password.
You need to give permission to the user running the script to run commands as the testuser user for what you want.
Assuming that's what you meant to allow that is.
That error occurs when your sudoers file specifies requiretty. From the sudoers manpage:
requiretty If set, sudo will only run when the user is
logged in to a real tty. When this flag is set,
sudo can only be run from a login session and not
via other means such as cron(8) or cgi-bin scripts.
This flag is off by default.
To fix your error, remove requiretty from your sudoers file.
I fixed it by login to the server and append the following lines to the ssh-server configuration:
> vim /etc/ssh/sshd_config
Match User <your user name>
PermitTTY yes
So I don't need the -t options permanently.

How to make passwordless switch to another user in a shell script

I want to su from hadoopmaster to hduser. When I do it on the terminal, I do:
su - hduser
which then asks me for the password and I enter it and I get in to hduser. How can I do the same in a shell script without having to worry about the password? I tried the sudoers file method where I put:
root ALL=(ALL:ALL) ALL
hduser ALL=(ALL:ALL) ALL
hadoopmaster ALL=(ALL:ALL) NOPASSWD: /bin/su hduser
(here I tried different combinations of the line with and without the '-' and also
with and without /bin)
I did this and when I do su hduser or su - hduser, it prompts me for the password again. What do I do?
You don't use "su" with the sudoers file, you need to use "sudo". So, you'd want a command line like:
sudo su - hduser
which would do want you want, provided you had the appropriate lines in the sudoers file. A line like this:
hadoopmaster ALL=(ALL:ALL) NOPASSWD: su - hduser
should do the trick.
I have add user= ranjith on /etc/sudoers file like,
ranjith ALL=(ALL) NOPASSWD: ALL
Now we can use,
"sudo, sudoedit - execute a command as another user"
[ranjith#ranjith ~]$ sudo -i
# id
uid=0(root) gid=0(root) groups=0(root)
Its working for me and Now i can login to root from my local user "ranjith" directly.

Resources