Unix/Linux Go Back    

UNIX for Dummies Questions & Answers This forum is closed for new posts. Please post beginner questions to learn unix and learn linux in this forum UNIX for Beginners Questions & Answers

Sudo -s without password prompt

UNIX for Dummies Questions & Answers

sudo -s

Thread Tools Search this Thread Display Modes
Old Unix and Linux 01-04-2013
krk krk is offline
Registered User
Join Date: Jan 2013
Last Activity: 9 October 2015, 7:53 AM EDT
Posts: 13
Thanks: 5
Thanked 1 Time in 1 Post
Sudo -s without password prompt

i have a requirement where i need to sudo to another user in the shell script.suppose consider user A and B, first user A calls a shell script and then i need to sudo to user B which executes another shell script inside the earlier one.
also this needs to be automated like while sudo'ing to user B it should not ask for password prompt, password should be read from some file or by any other means.i'm a newbiew , please sugggest steps for the above problem.

other than this is there any way around for my problem??? please suggest ???
Sponsored Links
Old Unix and Linux 01-04-2013
Ikaro0 Ikaro0 is offline
Registered User
Join Date: Mar 2010
Last Activity: 19 August 2014, 7:18 AM EDT
Posts: 14
Thanks: 0
Thanked 2 Times in 2 Posts
Hi Krk

To do a sudo you should have an entry on the sudoers file that allows you to do the task needed to be done as other user or root.

Better than trying to go deeper into your specific situation i guess it would be better for you to learn how to use sudo, here is a kind of "how to" for sudo I found on the web:

7 Linux sudo Command Tips and Tricks (link removed)

Hope it helps you

The Following User Says Thank You to Ikaro0 For This Useful Post:
krk (01-04-2013)
Sponsored Links
Old Unix and Linux 01-04-2013
RudiC RudiC is offline Forum Staff  
Join Date: Jul 2012
Last Activity: 22 October 2017, 5:17 PM EDT
Location: Aachen, Germany
Posts: 11,483
Thanks: 310
Thanked 3,561 Times in 3,276 Posts
There's no silver bullet for your problem. If compliant to your site's policy, you could disable the authentication requirement (cf. man sudoers):
Authentication and Logging
The sudoers security policy requires that most users authenticate themselves before they can use sudo. A password is not required if the invoking user is root, if the
target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.
You could use the -A option (cf. man sudo):
sudo accepts the following command line options:

-A Normally, if sudo requires a password, it will read it from the user's terminal. If the -A (askpass) option is specified, a (possibly graphical) helper
program is executed to read the user's password and output the password to the standard output.
You finally could remove the reason why you need to switch to user B - adapt e.g. permissions of commands and files. Again, if compliant.
The Following User Says Thank You to RudiC For This Useful Post:
krk (01-04-2013)
Old Unix and Linux 01-04-2013
Smiling Dragon's Unix or Linux Image
Smiling Dragon Smiling Dragon is offline Forum Advisor  
Disorganised User
Join Date: Nov 2007
Last Activity: 27 July 2017, 4:23 PM EDT
Location: New Zealand
Posts: 1,060
Thanks: 25
Thanked 29 Times in 28 Posts
Your shell script (as called by user A) would have this line in it:

sudo -u userb /full/path/to/anotherShellScript.sh

The "-u userb" flag tells sudo to run as the supplied user instead of root

Add the following line to your sudoers config file:

usera ALL=(userb) NOPASSWD: /full/path/to/anotherShellScript.sh

The "usera ALL" tells sudo that usera on any server (ALL) my run this command
The "(userb)" tells sudo that the command can only be run as userb (not the default of root)
The "NOPASSWD:" tells sudo not to prompt for usera's password like it normally would (unless otherwise configured elsewhere)

Some traps to watch for:
  • sudo does funny things with the environment, if your other shell script (the one being called as userb) is expecting environment variables to be properly set for userb, you might find it goes wrong. Things like PATH and HOME can surprise you.
    I typically set any variables I need explicitly in the top of shell scripts being called by cron or sudo to prevent these issues.

    If this is a big problem for you, you can add a layer of indirection and use "su - userb -c /full/path/to/anotherShellScript.sh" to have it load userb's environment before running the script.
    Resulting sudo call in your first script would be:

    sudo su - userb -c /full/path/to/anotherShellScript.sh

    You would now be running the su - command as root, then having it in turn select userb.

    The line to your sudoers config file would change to:

    usera ALL=(root) NOPASSWD: /usr/bin/su - userb -c /full/path/to/anotherShellScript.sh

    The "(root)" bit isn't technically required, but I've done it that way to try and demonstrate what is changing between the two solutions.

  • As RudiC mentions, your company security policy will have an opinion (possibly a very strong opinion) on this. In some outfits, breaching this is bad enough to get you met at the door by security holding all your things in a black plastic rubbish bag Linux ie, find out if it's cool to do this before you actually do it.

  • Be careful with the permissions on /full/path/to/anotherShellScript.sh and how well it's written as you've effectively made this script run with elevated privileges. If usera can find a way to change the content of this script, or if the script is written badly enough that someone can break out of it into a shell while it's running, you could be granting usera carte-blanc access to run things as userb (thus the security policy comment above). Assume the other users on the box and usera are all determined to destroy your server and/or bring down the company while writing the script and you'll have the appropriate level of paranoia.

Last edited by Smiling Dragon; 01-04-2013 at 09:09 PM..
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
ssh foo.com sudo command - Prompts for sudo password as visible text. Help? fluoborate Shell Programming and Scripting 9 11-02-2011 02:18 PM
sudo - prompt for comment/text th1amigo Shell Programming and Scripting 4 05-04-2010 01:59 PM
Bash script prompt for sudo password? PatGmac OS X (Apple) 2 05-01-2009 04:05 PM
sudo, use in script without prompt for password gauravgrover50 Shell Programming and Scripting 4 04-25-2009 08:26 AM
sudo in OS X shell script without password prompt?? Brad_GNET UNIX for Dummies Questions & Answers 1 07-29-2005 06:36 PM

All times are GMT -4. The time now is 03:47 AM.