Sudo -s without password prompt | Unix Linux Forums | UNIX for Dummies Questions & Answers

  Go Back    


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

Sudo -s without password prompt

UNIX for Dummies Questions & Answers


Tags
sudo -s

Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 01-04-2013
krk krk is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 8 April 2013, 4:11 AM EDT
Posts: 2
Thanks: 3
Thanked 0 Times in 0 Posts
Sudo -s without password prompt

hi,
i have a requirement where i need to sudo to another user in the shell script.suppose consider user A and B, first user A calls a shell script and then i need to sudo to user B which executes another shell script inside the earlier one.
also this needs to be automated like while sudo'ing to user B it should not ask for password prompt, password should be read from some file or by any other means.i'm a newbiew , please sugggest steps for the above problem.

other than this is there any way around for my problem??? please suggest ???
Sponsored Links
    #2  
Old 01-04-2013
Ikaro0 Ikaro0 is offline
Registered User
 
Join Date: Mar 2010
Last Activity: 19 August 2014, 7:18 AM EDT
Posts: 14
Thanks: 0
Thanked 2 Times in 2 Posts
Hi Krk

To do a sudo you should have an entry on the sudoers file that allows you to do the task needed to be done as other user or root.

Better than trying to go deeper into your specific situation i guess it would be better for you to learn how to use sudo, here is a kind of "how to" for sudo I found on the web:

7 Linux sudo Command Tips and Tricks (link removed)

Hope it helps you

Regards.
The Following User Says Thank You to Ikaro0 For This Useful Post:
krk (01-04-2013)
Sponsored Links
    #3  
Old 01-04-2013
RudiC RudiC is offline Forum Advisor  
Registered User
 
Join Date: Jul 2012
Last Activity: 22 November 2014, 2:29 PM EST
Location: Aachen, Germany
Posts: 4,682
Thanks: 78
Thanked 1,158 Times in 1,088 Posts
There's no silver bullet for your problem. If compliant to your site's policy, you could disable the authentication requirement (cf. man sudoers):
Quote:
Authentication and Logging
The sudoers security policy requires that most users authenticate themselves before they can use sudo. A password is not required if the invoking user is root, if the
target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.
You could use the -A option (cf. man sudo):
Quote:
sudo accepts the following command line options:

-A Normally, if sudo requires a password, it will read it from the user's terminal. If the -A (askpass) option is specified, a (possibly graphical) helper
program is executed to read the user's password and output the password to the standard output.
You finally could remove the reason why you need to switch to user B - adapt e.g. permissions of commands and files. Again, if compliant.
The Following User Says Thank You to RudiC For This Useful Post:
krk (01-04-2013)
    #4  
Old 01-04-2013
Smiling Dragon's Avatar
Smiling Dragon Smiling Dragon is offline Forum Advisor  
Disorganised User
 
Join Date: Nov 2007
Last Activity: 27 October 2014, 10:04 PM EDT
Location: New Zealand
Posts: 1,044
Thanks: 21
Thanked 26 Times in 25 Posts
Your shell script (as called by user A) would have this line in it:

Code:
sudo -u userb /full/path/to/anotherShellScript.sh

The "-u userb" flag tells sudo to run as the supplied user instead of root

Add the following line to your sudoers config file:

Code:
usera ALL=(userb) NOPASSWD: /full/path/to/anotherShellScript.sh

The "usera ALL" tells sudo that usera on any server (ALL) my run this command
The "(userb)" tells sudo that the command can only be run as userb (not the default of root)
The "NOPASSWD:" tells sudo not to prompt for usera's password like it normally would (unless otherwise configured elsewhere)

Some traps to watch for:
  • sudo does funny things with the environment, if your other shell script (the one being called as userb) is expecting environment variables to be properly set for userb, you might find it goes wrong. Things like PATH and HOME can surprise you.
    I typically set any variables I need explicitly in the top of shell scripts being called by cron or sudo to prevent these issues.

    If this is a big problem for you, you can add a layer of indirection and use "su - userb -c /full/path/to/anotherShellScript.sh" to have it load userb's environment before running the script.
    Resulting sudo call in your first script would be:

    Code:
    sudo su - userb -c /full/path/to/anotherShellScript.sh

    You would now be running the su - command as root, then having it in turn select userb.

    The line to your sudoers config file would change to:

    Code:
    usera ALL=(root) NOPASSWD: /usr/bin/su - userb -c /full/path/to/anotherShellScript.sh

    The "(root)" bit isn't technically required, but I've done it that way to try and demonstrate what is changing between the two solutions.

  • As RudiC mentions, your company security policy will have an opinion (possibly a very strong opinion) on this. In some outfits, breaching this is bad enough to get you met at the door by security holding all your things in a black plastic rubbish bag ie, find out if it's cool to do this before you actually do it.

  • Be careful with the permissions on /full/path/to/anotherShellScript.sh and how well it's written as you've effectively made this script run with elevated privileges. If usera can find a way to change the content of this script, or if the script is written badly enough that someone can break out of it into a shell while it's running, you could be granting usera carte-blanc access to run things as userb (thus the security policy comment above). Assume the other users on the box and usera are all determined to destroy your server and/or bring down the company while writing the script and you'll have the appropriate level of paranoia.

Last edited by Smiling Dragon; 01-04-2013 at 10:09 PM..
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
ssh foo.com sudo command - Prompts for sudo password as visible text. Help? fluoborate Shell Programming and Scripting 9 11-02-2011 03:18 PM
sudo - prompt for comment/text th1amigo Shell Programming and Scripting 4 05-04-2010 02:59 PM
Bash script prompt for sudo password? PatGmac OS X (Apple) 2 05-01-2009 05:05 PM
sudo, use in script without prompt for password gauravgrover50 Shell Programming and Scripting 4 04-25-2009 09:26 AM
sudo in OS X shell script without password prompt?? Brad_GNET UNIX for Dummies Questions & Answers 1 07-29-2005 07:36 PM



All times are GMT -4. The time now is 11:21 PM.