Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Problem using sudo with NOPASSWD
Operating Systems HP-UX Problem using sudo with NOPASSWD Post 302970722 by aigini82 on Monday 11th of April 2016 10:26:07 AM
Old 04-11-2016
Problem using sudo with NOPASSWD
I need to configure access for a user in an HP-UX to :

1) use certain commands and
2) login as another user as a sudo.

These have to be done WITHOUT the user needing to enter a password.

However, after I enter the lines using visudo, there is a prompt for a password when the user executes those 2 commands.

This is the line I added in visudo :

Code:
etigers   ALL = NOPASSWD: /usr/sbin/sudo su - userX, /path/to/command/to/execute

However, initially before this line was added, there were 2 other lines above it, without the NOPASSWD option. Could it be that these 2 lines were overriding this line?

Also, in the visudo file there was no !#/bin/bash at the top of the file.

Or is it that for users first time using sudo, there will be a prompt for password?

Is there a need to restart visudo service? If so, how? What command? I tried using service visudo restart but it says 'service' no such command.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

problem with sudo su and .sh script

here is my script: #!/bin/sh cd /Users/a echo "what is the name of the file u want?" read var1 var1=$var1... (1 Reply)
Discussion started by: cleansing_flame
1 Replies

2. UNIX for Advanced & Expert Users

Sudo command problem

Hi All, I am tring to redirect mails comming to my user id to a script. In other word trigger a script when a mail comes to my user id. Actually , Admin team has done all this to me previously. in my script i am doing like /usr/local/bin/sudo -u parbrxs /export/home/parbrxs/bin/parbrxs.sh... (4 Replies)
Discussion started by: mindtee_abhi
4 Replies

3. UNIX for Advanced & Expert Users

Switch user :NOPASSWD setting

Hi All, I want trigger a script "abhishektest.sh "whenever a mail come to a user say "abhishek" in my unix server. I dont have root permission. So, for doing this i added abhishek : "|/export/abhishek/bin/wr_test.sh in /etc/mail/aliases in wr_test file : i need to put this line, as i... (2 Replies)
Discussion started by: mindtee_abhi
2 Replies

4. Shell Programming and Scripting

shell script problem , sudo mount command

cat test.sh sudo mount -t vfat /dev/sda7 /media/Ddrive If i double click the test.sh file and select run in terminal then the terminal prompts for password. How can i avoid typing password? Or if i double click test.sh file and select run then nothing happens. What i'm trying "Double... (3 Replies)
Discussion started by: cola
3 Replies

5. Linux

Sudo Problem?

Hi I wanted to add a group using 1 id which is not root but has some sudo privileges. test@test>sudo -l gives this (root) NOPASSWD: /usr/bin/passwd, /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/bin/tee, /usr/bin/grep, /bin/grep, /usr/bin/chmod, /bin/chmod, /usr/bin/echo,... (1 Reply)
Discussion started by: datkan
1 Replies

6. Solaris

Problem with password expire and sudo.

Hi, I have a small problem that I need to address regarding the password expiration for a number of different oracle accounts. Currently I have the MAXWEEKS set to 12 in the /etc/default/passwd file for all accounts. I also have sudo installed on the server and users access the oracle accounts... (2 Replies)
Discussion started by: sparcman
2 Replies

7. UNIX for Dummies Questions & Answers

Problem with Sudo inside a here document

Have a sudo statement inside of a here document. It prompts me for a password, but doesnt wait for me to enter my password. Is there a way I can use the command without sudo or anyway that I can enter the password correctly? Eg : while read remotehost do ssh -t $2@$remotehost ... (0 Replies)
Discussion started by: mnanavati
0 Replies

8. UNIX for Advanced & Expert Users

sudo wildcards problem: for every argument a *-wildcard? Better solution?

Hi I allow the user tommy to run this command as root sudoCommand: /app/appname/connectors/*/*/current/bin/*With "sudo -l" he sees the sudoers, but is unable to execute. $ sudo /app/appname/connectors/zur/namename/current/bin/othername agentsvc --i --u root --sn 1m7command Sorry, user... (2 Replies)
Discussion started by: slashdotweenie
2 Replies

9. Shell Programming and Scripting

Problem connect to a different server then do sudo login and finally run some scripts and get result

I have to write a shell script in my current linux server and I have to connect to a different server then do sudo login and finally run some scripts residing in a particular directory and get results back. I am starting to write my shell script as below but after I do ssh login it prompts for... (2 Replies)
Discussion started by: Devesh5683
2 Replies

10. UNIX and Linux Applications

LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

Hello :) we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin: Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies

LEARN ABOUT CENTOS

sssd-sudo

SSSD-SUDO(5)						   File Formats and Conventions 					      SSSD-SUDO(5)

NAME

       sssd-sudo - Configuring sudo with the SSSD back end

DESCRIPTION

       This manual page describes how to configure sudo(8) to work with sssd(8) and how SSSD caches sudo rules.

CONFIGURING SUDO TO COOPERATE WITH SSSD

       To enable SSSD as a source for sudo rules, add sss to the sudoers entry in nsswitch.conf(5).

       For example, to configure sudo to first lookup rules in the standard sudoers(5) file (which should contain rules that apply to local users)
       and then in SSSD, the nsswitch.conf file should contain the following line:

	   sudoers: files sss

       More information about configuring the sudoers search order from the nsswitch.conf file as well as information about the LDAP schema that
       is used to store sudo rules in the directory can be found in sudoers.ldap(5).

       Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname(1) to your NIS domain name
       (which equals to IPA domain name when using hostgroups).

CONFIGURING SSSD TO FETCH SUDO RULES

       All configuration that is needed on SSSD side is to extend the list of services with "sudo" in [sssd] section of sssd.conf(5). To speed up
       the LDAP lookups, you can also set search base for sudo rules using ldap_sudo_search_base option.

       The following example shows how to configure SSSD to download sudo rules from an LDAP server.

	   [sssd]
	   config_file_version = 2
	   services = nss, pam, sudo
	   domains = EXAMPLE

	   [domain/EXAMPLE]
	   id_provider = ldap
	   sudo_provider = ldap
	   ldap_uri = ldap://example.com
	   ldap_sudo_search_base = ou=sudoers,dc=example,dc=com

       When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured
       to use the compat tree (ou=sudoers,$DC).

THE SUDO RULE CACHING MECHANISM

       The biggest challenge, when developing sudo support in SSSD, was to ensure that running sudo with SSSD as the data source provides the same
       user experience and is as fast as sudo but keeps providing the most current set of rules as possible. To satisfy these requirements, SSSD
       uses three kinds of updates. They are referred to as full refresh, smart refresh and rules refresh.

       The smart refresh periodically downloads rules that are new or were modified after the last update. Its primary goal is to keep the
       database growing by fetching only small increments that do not generate large amounts of network traffic.

       The full refresh simply deletes all sudo rules stored in the cache and replaces them with all rules that are stored on the server. This is
       used to keep the cache consistent by removing every rule which was deleted from the server. However, full refresh may produce a lot of
       traffic and thus it should be run only occasionally depending on the size and stability of the sudo rules.

       The rules refresh ensures that we do not grant the user more permission than defined. It is triggered each time the user runs sudo. Rules
       refresh will find all rules that apply to this user, check their expiration time and redownload them if expired. In the case that any of
       these rules are missing on the server, the SSSD will do an out of band full refresh because more rules (that apply to other users) may have
       been deleted.

       If enabled, SSSD will store only rules that can be applied to this machine. This means rules that contain one of the following values in
       sudoHost attribute:

       o   keyword ALL

       o   wildcard

       o   netgroup (in the form "+netgroup")

       o   hostname or fully qualified domain name of this machine

       o   one of the IP addresses of this machine

       o   one of the IP addresses of the network (in the form "address/mask")

       There are many configuration options that can be used to adjust the behavior. Please refer to "ldap_sudo_*" in sssd-ldap(5) and "sudo_*" in
       sssd.conf(5).

SEE ALSO

       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8),
       sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8).

AUTHORS

       The SSSD upstream - http://fedorahosted.org/sssd

SSSD
								    06/17/2014							      SSSD-SUDO(5)
All times are GMT -4. The time now is 10:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy