I have added a user like this:
$ adduser --system --home /no/home --no-create-home --group --disabled-password --disabled-login testuser
Added a user to a group:
$ adduser testuser testgroup
added lines to sudoers (visudo):
testuser ALL=(ALL) NOPASSWD: ALL
%testgroup ALL=(ALL:ALL) NOPASSWD: ALL
When I try to run the bash script with the following content:
#!/bin/sh
sudo -u testuser /usr/bin/php /usr/local/bin/script.php
But when I run this script, I get the error in the log:
sudo: no tty present and no askpass program specified
Edit: requiretty is not in the sudoers file.
sudo permissions are about the user/group you are changing from not the user you are changing to.
So are those permission lines are letting the testuser user and the testgroup group run any command (as anyone) without a password.
You need to give permission to the user running the script to run commands as the testuser user for what you want.
Assuming that's what you meant to allow that is.
That error occurs when your sudoers file specifies requiretty. From the sudoers manpage:
requiretty If set, sudo will only run when the user is
logged in to a real tty. When this flag is set,
sudo can only be run from a login session and not
via other means such as cron(8) or cgi-bin scripts.
This flag is off by default.
To fix your error, remove requiretty from your sudoers file.
I fixed it by login to the server and append the following lines to the ssh-server configuration:
> vim /etc/ssh/sshd_config
Match User <your user name>
PermitTTY yes
So I don't need the -t options permanently.
Related
I am using Solaris 11 , I have added user to sudo user file ( /etc/sudoers) , still its prompting for password.
arcsys#solaris:~$ sudo -l
User arcsys may run the following commands on solaris:
(ALL) NOPASSWD: /usr/bin/cat
(ALL) ALL
arcsys#solaris:~$ sudo cat /etc/sudoers
Password:
I am not able to understand that what is wrong here?
Any help is appreciated.
The command you need to execute is:
sudo /usr/bin/cat /etc/sudoers
sudo is strict when you have configured the full path to the program(s)
As root, run:
visudo
and check to make sure your username is added
root ALL=(ALL:ALL) ALL
arcsys ALL=(ALL:ALL) ALL
Save, and quit, then run:
sudo "command"
The system will prompt you for YOUR password. If you have the proper access, it will run. If not, you will need to run visudo either as root, or by running sudo visudo.
I have a shell script moveInvoice.sh with chmod 777 permission as user test1 and all other scripts are under user test2.
Now I need to call moveInvoice.sh from test2 I tried following
sudo -c
sudo -u
But all are giving permission denied. Is there any other way to make it run with test2 user ?
once manually I am able to execute then I need to put this in crontab
You can set up a user on Linux to be able to run sudo without a password by adding a NOPASSWD option in visudo.
run sudo visudo as root and then add your user under privilege specification as SOMEUSER ALL=(ALL) NOPASSWD: ALL.
now, SOMEUSER will be able to run sudo commands without a password.
There are absolutely no good, straight forward answers for this. The question is simple:
How do I force linux to ask for my password when I type sudo su?
If I understand correctly, you may have a mis-configured /etc/sudoers file.
Some user or group of users may be configured in there to be able to run "su" or even all commands without providing password.
check inside the file if it contains lines with "NOPASSWD" in them, for example with:
sudo cat /etc/sudoers |grep NOPASSWD
if inside the file you have something similar to one of below lines(the most important part would be from start of "NOPASSWD" to the right):
someuser ALL= NOPASSWD: /bin/su
ALL ALL= NOPASSWD: /bin/su
someuser ALL= NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL
then probably it would be the culprit.
You would have to remove that line/lines from the file (or only the "NOPASSWD:" part of it if you want the user/group to still be able to use sudo su with password), or comment them out using # at the start of line using visudo editor:
sudo visudo
you can see and edit your sudo configuration file with the command sudo visudo as following :-
Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Allows people in group nopwd to run all commands without a password
%nopwd ALL=NOPASSWD : ALL
Your current user is probably member of a privileged group that enables him to enter sudo commands without password.In previous example you can see members of group wheel can execute any command but will ask for password but members of group nopwd wont prompet for password.
Use -k (--reset-timestamp):
sudo -k su
Also, what you are trying to achieve, can be achieved with sudo alone, no need for redundant su:
sudo -ks
If you are looking for a login shell session:
sudo -ki
I want to su from hadoopmaster to hduser. When I do it on the terminal, I do:
su - hduser
which then asks me for the password and I enter it and I get in to hduser. How can I do the same in a shell script without having to worry about the password? I tried the sudoers file method where I put:
root ALL=(ALL:ALL) ALL
hduser ALL=(ALL:ALL) ALL
hadoopmaster ALL=(ALL:ALL) NOPASSWD: /bin/su hduser
(here I tried different combinations of the line with and without the '-' and also
with and without /bin)
I did this and when I do su hduser or su - hduser, it prompts me for the password again. What do I do?
You don't use "su" with the sudoers file, you need to use "sudo". So, you'd want a command line like:
sudo su - hduser
which would do want you want, provided you had the appropriate lines in the sudoers file. A line like this:
hadoopmaster ALL=(ALL:ALL) NOPASSWD: su - hduser
should do the trick.
I have add user= ranjith on /etc/sudoers file like,
ranjith ALL=(ALL) NOPASSWD: ALL
Now we can use,
"sudo, sudoedit - execute a command as another user"
[ranjith#ranjith ~]$ sudo -i
# id
uid=0(root) gid=0(root) groups=0(root)
Its working for me and Now i can login to root from my local user "ranjith" directly.
I'm trying to change system time via a script.
Basically the command date -s "<date>" doesn't work since I run the command as user www-data. Although I edited /etc/sudoers file to give root privileges to the user www-data, I still can't change or set time.
What could be the reason?
After editing a /etc/sudoers, do a
sudo date -s
command. This will do the actual date command from "Root" user.
Just edit of /etc/sudoers is not enough, because it will not give a root to user, but it will give a capability to became root from user using sudo utility.
type
sudo visudo
add the next command
<username> ALL=(ALL) NOPASSWD: /bin/date
or
<username> ALL=(ALL) NOPASSWD: /usr/bin/timedatectl
now you can edit your time from the specific account without password like
sudo timedatectl set-time <datetime>
Also should note that line
Default requiretty
should becommented in sudoers file. Otherwise you will get a message to STDERR, saying
sudo: sorry, you must have a tty to run sudo
when trying to invoke the script from outer world.
This was a problem in my case.