I had been trying to clear cache in a remote server and i got these commands.
First login as root user and execute
sync; echo 3 > /proc/sys/vm/drop_caches
But I had to automate this in a script, so i used this
ssh user#ipaddress "sudo su; sync; echo 3 > /proc/sys/vm/drop_caches";
But I am not able to get the root user privileges by sudo su and I thought removing sudo su and instead use
ssh user#ipaddress "sudo sync;sudo echo 3 > /proc/sys/vm/drop_caches";
But this says it dose'nt have enough permissions.
What am I missing??
When you do this sudo echo 3 > .... only echo will be with "sudo" user permissions, redirection is with current user.
try something like this :
ssh user#ipaddress "sudo sh -c \"sync; echo 3 > /proc/sys/vm/drop_caches\"";
Use tee as an alternate to redirection that works well with sudo:
ssh user#ipaddress 'echo 3 | sudo tee /proc/sys/vm/drop_caches > /dev/null'
The redirection to /dev/null is optional, if you want to avoid "3" being echoed to your terminal as well.
Also If you experience this message
>> sudo: sorry, you must have a tty to run sudo
as I had, you can fix it by editing /etc/sudoers and comment Defaults requiretty -> #Defaults requiretty.
Related
Reading the sudo man page, I see that the -v flag can be used to check if the user has sudo privileges in his workstation. I have a piece of script that needs to test it. If the user has not sudo privileges, it prints on screen:
Sorry, user tester may not run sudo on debian.
How can I suppress this message and just execute the rest of the code?
Try to append >/dev/null in your command. In case the message is printed in stderr then use 2>/dev/null or as advised in comments use &>/dev/null to redirect both stdout and stderr to null.
Using sudo -l or --list
As per the man page, sudo can be used with -l or --list to get the list of allowed and forbidden commands for any particular user.
The syntax would be: sudo -l [-AknS] [-a type] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
If we use sudo --list without any arguments, then it will print the list of allowed and forbidden commands for the user who is executing the sudo command
sudo --list
User root may run the following commands on client:
(ALL) ALL
Depends on what you mean by "can user sudo"
Short answer:
If can_auto_sudo=$(sudo -l -n sudo &>/dev/null; echo $?) is 0, you can sudo as much as you want.
Long Answer
Do you need to test before or can you just handle error cases?
How much do you need to know, the sudoers real username is a valid piece of data to want, for example.
This question is often asking several different but related questions. So I will ask those more precisely and then answer for each.
1. Is this script being run using sudo?
[ $EUID -eq 0 ] || exit 1 # Exit if not effectively root
2. Can this user run a specific command as root using sudo?
sudo -l /usr/bin/program &>/dev/null || exit 2 # Exit if it can't run this as sudo
3. Can this user run sudo without interacting?
sudo -l -n /usr/bin/program &>/dev/null || exit 3 # Exit if requires interaction
4. Can I check all that ahead of time?
`sudo -ll -U $USER # tells you which commands can be runs with sudo by user (have to parse yourself)
5. Script being run with sudo or actually root?
[[ "$(printenv SUDO_USER)" = "" ]] || echo "$SUDO_USER is sudoing!" && exit 5
I have script.sh that must be run as user2. However, this script can only be run under user1 in my application.
I would like the following command to run:
su user2 -C script.sh
but be able to run without password.
I also want this to be very restrictive, as in user1 can only run script.sh under user2 and nothing else.
I've tried doing this with sudoers file and just got endlessly confused after hours of trying.
If somebody can provide an explicit example of how this can be accomplished (instead of something generic like use sudoers), it would be greatly appreciated.
try running:
su -c "Your command right here" -s /bin/sh username
This will run the command as username given that you have permissions to sudo as that user.
Call visudo and add this:
user1 ALL=(user2) NOPASSWD: /home/user2/bin/test.sh
The command paths must be absolute! Then call sudo -u user2 /home/user2/bin/test.sh from a user1 shell. Done.
`su -c "Your command right here" -s /bin/sh username`
The above command is correct, but on Red Hat if selinux is enforcing it will not allow cron to execute scripts as another user. example;
execl: couldn't exec /bin/sh
execl: Permission denied
I had to install setroubleshoot and setools and run the following to allow it:
yum install setroubleshoot setools
sealert -a /var/log/audit/audit.log
grep crond /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.p
I need to run a command under su and sudo at the same time and redirect the output.
To do it manually the command I use is:
sudo su - user1
and then run the command I need from the prompt.
I've worked out the syntax to pipe the command I need into su:
su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...but don't know how to get the sudo in as well.
I was hoping I could type something like:
sudo su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...and then getting really clever do something like:
echo "$pw" | sudo su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...to pipe in the password as well.
I've only been using Linux for a few weeks (I'm a VB programmer normally).
Thanks
Kristian
I have this:
su $username -c ./script.sh
The problem is that within script I have 'sudo' commands and they says me
sudo: no tty present and no askpass program specified
How to do this right?
UPD: I need both sudo and su. What I need to do is run script as USER $username and be able to run certain commands within script as root (for example, pacman -S)
SOLUTION: I've added NOPASSWD option to /etc/sudoers before running script and delete this entry using sed after script finished.
First set chmod +x to your scripts
try:
#!/bin/bash
echo "hello"
su - <your-user> -c /path/to/script.sh
echo "good bye"
UPDATE:
You should find a way to force bash to use pseudo-tty
Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
If the user is not as sudoers do the following steps:
This is what you need to do in /etc/sudoers:
# User privilege specification
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
you have also ways to do:
you can pipe password if it has password:
echo "yourpassword" | sudo -S
OR
You can run the following script:
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for username:"
send -- "user-password\r"
expect eof
Also you can do that:
sudo -kS bash - << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF
I am writing a simple shell script which changes the mac address of the network hardware.
One of the line is :
sudo ifconfig eth0 hw ether 00:99:99:00:00:00
My problem is with sudo the script prompts for password. Is there any way that I could do this without prompting the user for password ???
Most definitely, if you don't mind making that particular command 'free for use' for that particular user:
See basically my other answer here: Shell script - Sudo-permissions lost over time
The simplest thing that may work is
myuser = NOPASSWD: /sbin/ifconfig
Also, you could sudo an arbitrary command on the same terminal (tty/vty), and sudo will cache the authentication for a while (or until sudo -k), so you may start the script and it will 'remember' the credentials from your earlier sudo invocation. I sometimes do this when composing pipes with sudo (just preceded them with sudo true)
echo "password" | sudo -S ifconfig eth0 hw ether 00:99:99:00:00:00
You need a sudo configuration line which allows for the command to be executed by the user without password prompt.
You can disable the password prompt for a whole user (more dangerous, but perhaps ok if you are the only user on your desktop -- DONT do this on a server ):
yourusername ALL=(ALL) NOPASSWD: ALL
or more restrictive, only allowing the ifconfig command:
yourusername ALL= NOPASSWD: /sbin/ifconfig
See: man sudoers , man sudo
http://ubuntuforums.org/showthread.php?t=1132821
http://www.linuxhelp.net/guides/sudo/
A safer way to do it would be:
sudo visudo -f sudoers
then add
myuser ALL=NOPASSWD:/sbin/ifconfig
to the editor window that appeared. Once you are done, use :x to quit
Here is a Zenity dialog that does something similar to Tman's comment,
though the password isn't stored in history...
This may be a good alternative
#!/bin/bash
ENTRY=`zenity --password`
case $? in
0)
pw=$(echo $ENTRY | cut -d'|' -f1)
;;
1)
echo "Stop login.";;
-1)
echo "An unexpected error has occurred.";;
esac
TMP=$(echo "${pw}" | sudo -Sv)
TMP=0