![]() ![]() I've since commented out the sudo group from /etc/sudoers, and also removed the Pi user from said group. On my install, there never was an entry for Pi user, and it seems the permissions were instead inherited from the sudo group. Throughout my searches, I mostly found awnsers of removing or changing the Pi user's entry in the file. Ansible does not always use a specific command to do something but runs modules. # See sudoers(5) for more information on "#include" directives: If your user is called user and your host is called host you could add these lines to /etc/sudoers: user host (root) NOPASSWD: /sbin/shutdown user host (root) NOPASSWD: /sbin/reboot. 65 I want the default user, ubuntu to be able to run a specific service without being prompted for a password. The become keyword uses existing privilege escalation tools like sudo. # Allow members of group sudo to execute any command # See the man page for details on how to write a sudoers file.ĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Please consider adding local content in /etc/sudoers.d/ instead of # This file MUST be edited with the 'visudo' command as root. My current /etc/sudoers file looks like # I can always just su - when needed, after all. After heavy searching, I gave up on that, and now I'm trying to just disable all access to sudo. If the target user's login shell is not /bin/bash then adjust the above line accordingly.So I'm trying to restrict the Pi user from being able to use sudo without the root password. user1 ALL=(user2) NOPASSWD: /bin/bash -c /usr/local/bin/script.sh Therefore you must not include -l in sudoers. sudo sets $0 to -bash and the leading dash is what makes this bash a login shell. Note there is no -l that would force a login shell. ![]() This is the command you want to allow with NOPASSWD in sudoers file. You tried to do: sudo -i -u user2 /usr/local/bin/script.shĪssuming the target user's shell is bash, the command that your sudo run was like: /bin/bash -c /usr/local/bin/script.sh If no command is specified, an interactive shell is executed. The command and any arguments are concatenated, separated by spaces, after escaping each character (including white space) with a backslash ( \) except for alphanumerics, underscores, hyphens, and dollar signs. If a command is specified, it is passed to the shell as a simple command using the -c option. This means that login-specific resource files such as. Run the shell specified by the target user's password database entry as a login shell. #includedir ls like setting the target user's ENV variables in the script itself is the only option but updating script is my last option, hence looking for a better/alt solution. User1 ALL=(user2) NOPASSWD: /usr/local/bin/script.sh WIth sudo -s you may not get the extra system path for root. With your setup, you could do something like sudo su and it wont ask for a password. My setup: egrep "^|^#include" /etc/sudoersĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" sudo and su are two different commands, and do different things. So my query is how could I run sudo -i without password prompt. The problem is that it prompts for password which is a problem for automation. Then I tried below - sudo -i -u user2 /usr/local/bin/script.shīut it asks for the password, if I type in the password then the script runs just fine. It runs but a part of actual execution fails becoz of user2 's environment is NOT set. Codename: user1 and need to run a script as user2 and there must NOT be any password prompt.Īdded below line to sudoers (using visudo of course) user1 ALL=(user2) NOPASSWD: /usr/local/bin/script.shĪnd then I ran the below command as user1 sudo -u user2 /usr/local/bin/script.sh
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |