Allow only apt-get update and upgrade without password prompt - linux

I want to keep my system (and all installed packages) "always" on the latest version and therefore I'm thinking about creating a special user for auto-updates. This user would get a cron-job which performs sudo apt-get update -y && sudo apt-get upgrade -y once a week.
Since this should be done automatically I'd like to edit the /etc/sudoers file (with sudo visudo of course) so that this user never gets a password prompt for these two commands.
However the only solution I found so far is to disable the password prompt only for apt-get but not for specific sub commands.
Since I want to keep it as safe as possible I'd need a way to ONLY allow update & upgrade, no other sub-commands of apt-get.
And yes, I'd also disable the execution of any other command via sudo, just to be on the safe side.
Is there any way to achieve this or is the only way to allow the execution of apt-get without password prompts (thus also allowing apt-get install)?
I'm using the Debian based distro Raspbian.
Thanks for any help!

Make a script wrapper for apt-get update and apt-get upgrade, something like this:
#!/bin/sh
# apt-get update takes no arguments, so none are forwarded from the caller
apt-get update
and allow it in sudoers with NOPASSWD.
But I need to say that I'm not really sure that it's impossible to execute some shell command using apt-get update or apt-get upgrade, so I'm not sure that allowing a non-root user to run them as root is secure enough.
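
A wrapper along the lines the answer describes, as an added example that is not part of the original answer: it accepts exactly one word, update or upgrade, and passes nothing from the caller through to apt-get. The script name apt-auto, its install path and the account name autoupdate are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper installed as /usr/local/sbin/apt-auto
# (root-owned, not writable by anyone else). Matching sudoers entry for the
# assumed account "autoupdate", edited with visudo:
#   autoupdate ALL=(root) NOPASSWD: /usr/local/sbin/apt-auto update, /usr/local/sbin/apt-auto upgrade
# With arguments listed in sudoers, any other argument list is refused by sudo.

# Print the fixed command line for an allowed action; fail for anything else.
apt_auto_command() {
    [ "$#" -eq 1 ] || return 1      # exactly one word, no extra options
    case "$1" in
        update)  echo "/usr/bin/apt-get -q update" ;;
        upgrade) echo "/usr/bin/apt-get -q -y upgrade" ;;
        *)       return 1 ;;        # install, remove, -o ..., and so on
    esac
}

main() {
    cmd=$(apt_auto_command "$@") || {
        echo "usage: apt-auto update|upgrade" >&2
        return 64
    }
    # Fixed environment: no inherited PATH, APT_CONFIG or locale settings.
    # $cmd is one of the two constants above, so word splitting is intended.
    exec env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin \
        DEBIAN_FRONTEND=noninteractive $cmd
}

# Run only under the installed name, so sourcing the file has no side effects.
case "${0##*/}" in
    apt-auto) main "$@" ;;
esac
```

The weekly cron job of the unprivileged account would then call sudo -n /usr/local/sbin/apt-auto update followed by sudo -n /usr/local/sbin/apt-auto upgrade; the -n flag makes sudo fail instead of prompting if the rule does not match.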

Related

Auto answering multiple prompts of a bash command in (Bash/Docker RUN) non interactively

There are ways to automatically answer -y in bash commands for example like
RUN apt-get install -y nodejs
but I have this case where I want to run
dpkg --install someDebianpackage.deb && apt install --assume-yes --fix-broken
It actually answers y for the immediate prompt given by it, but at a later stage it asks me to configure the geographic area, with answer 6,
and after that I again want to answer the command with 20 for the city corresponding to the timezone,
and then again with answer 31 and then 1, same as above, for different questions.
What I want to know is how to run this command as a single command in a non-interactive way. I'm hoping to make a Dockerfile and put the above command, along with some other commands that can be chained with &&, in a RUN command, for example like
RUN apt-get update && apt-get install sudo && "the above command along with their answers" && "some other command"
I would highly appreciate some guidance on this.
Technically, you can auto-answer prompts with a tool like expect. However, that's usually much more difficult than getting the program to stop asking you questions.
I'm not sure why apt is asking for your timezone, but I suspect that you're pulling in the tzdata package somehow, which wants to configure your timezone. To avoid these questions, you should set the frontend to non-interactive:
To run dpkg (behind other tools like Apt) without interactive
dialogue, you can set one environment variable as
DEBIAN_FRONTEND=noninteractive
(Source.)
In a Dockerfile, you can set an environment variable like this:
ENV DEBIAN_FRONTEND=noninteractive

What's the difference between yum -y install and yum install in CentOS

I've seen two ways to install packages, for example squid, on CentOS:
1. yum -y install squid
2. yum install squid
Can anyone tell me what's the difference between them?
Also, I'm using CentOS v.6.6.
If you supply -y it automatically chooses "yes" for future questions, i.e. are you sure you want to install squid? [Y/n]?.
It is handy if the installation takes a long time and asks multiple questions, which happens when you install multiple programs at once. In that case, having to type enter every now and again for the process to continue can be annoying.
For a full list of yum options and their definitions take a look at the help message for yum:
yum -h
With the -y option, yum will install the specified package along with its dependent packages without asking for confirmation.
Without the -y option, yum will show information related to the specified package and its dependent packages and will ask for confirmation to install.
The -y option is useful if the package is going to be installed through scripts.

When installing dconf editor, what does the '-y' option mean on Ubuntu 14.04?

When you install, for example, dconf-editor,
you type
sudo apt-get install -y dconf-editor
What does the -y option mean?
From the man pages:
-y, --yes, --assume-yes
Automatic yes to prompts. Assume "yes" as answer to all prompts and
run non-interactively. If an undesirable situation, such as changing a
held package or removing an essential package, occurs then apt-get
will abort.
In the command sudo apt-get install -y dconf-editor, it means that if the installation requires the user to answer a yes/no question, assume it to be 'yes'.
In general, '-y' is an option used in many Linux terminal commands.
Details:
-y, --yes, --assume-yes
Automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively. If an undesirable situation, such as changing a held package or removing an essential package, occurs then apt-get will abort.

Checking requirement for apt-get update

I am writing a script (Ubuntu) to perform:
sudo apt-get update
followed by installation of some libs. My question is :
Is there a way to check the requirement of performing apt-get update? Because running update takes some time.
It seems not possible. However, I thought perhaps someone knows a trick.

install ".run" programs with automatic yes/ok/... option

When I install packages in linux environment I can set the automatic 'yes' option, for example
yum -y install ...
or
apt-get -y install...
Is there a way to do the same but for ".run" programs? For example,
sudo sh a.run -y
So that whenever it asks yes/no it automatically selects yes, whenever it asks for ok/cancel it selects ok, and so on...
thanks a lot in advance!!!
No, a .run command is simply a set of commands that are going to be run by sh. A particular .run file might take a -y option but in general you can't count on it. If you need to automate some stuff, consider using Expect.
