Execute shell script without password
I have a shell script with a bunch of commands, one of them needs root. I want to execute the script without entering passwords at all: neither before script nor in the middle of execution. How can I make it?
shell-script
asked Mar 16 at 14:25
w3punk
Is sudo involved?
– Jeff Schaller♦
Mar 16 at 14:28
You can register the script with sudo. See man sudoers
– ctrl-alt-delor
Mar 16 at 14:33
@Jeff Schaller Yes
– w3punk
Mar 16 at 14:34
3 Answers
sudo is a common practice to give privileges to some user.
A simple example with multiple commands:
I want the user nagios to use a specific command to dump information.
nagios ALL=(root) NOPASSWD: /usr/bin/dmidecode, /bin/netstat -ntp
Another example: you manage multiple servers and want to deploy the same sudoers file on each, and the rule will be valid only on one server.
nagios srvpeug1208 =(root) NOPASSWD: /usr/bin/dmidecode, /bin/netstat -ntp
This will allow nagios on srvpeu1208 to execute some commands.
edited Mar 16 at 19:16
answered Mar 16 at 15:17
EchoMike444
1
"you can deploy only one sudoers file" This is not entirely accurate. Some *NIX distributions include the /etc/sudoers.d/ directory, which you may configure sudo to read and parse files from, which can contain additional sudo rules.
– 0xSheepdog
Mar 16 at 18:55
1
@0xSheepdog I rewrote my statement
– EchoMike444
Mar 16 at 19:17
As others have touched on, the key thing that your script needs is to run the command that requires root permissions as root without requiring a password prompt.
This is a common problem in *nix when a user needs to run a particular command that would normally require root permissions but we don't want to give that user root permissions in general.
Unix has a general solution for this: the setuid bit. When the setuid bit is set/enabled on a binary, that binary will always run as the file owner (so if the owner of the executable file is root, it will execute as root).
To set this, make sure that the binary that requires root permission is owned by root, and then set its permissions to include the setuid bit:
sudo chown root /path-to-binary
sudo chmod 4755 /path-to-binary
That binary will now execute as root, without requiring a password from the calling user. Note that if you have a shell script instead of a binary you'll need to use the workaround described at "Why does setuid not work?"
This will work regardless of the user who accesses the file, so be careful. If you want to restrict this ability to only one particular user, then you can instead modify the sudoers configuration as others have suggested.
answered Mar 16 at 18:41
Dan
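An added check, not part of the answer above: it lists the setuid files under a directory and labels interpreter scripts, where Linux ignores the bit (the reason the answer points to a workaround), apart from binaries, which run as their owner for any caller. The function name `list_setuid` and its default directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list setuid files under a directory
# and label each one. Output lines: "<kind> <owner-uid> <path>", where kind is
#   script  starts with "#!"; Linux ignores the setuid bit on these
#   binary  anything else; runs as its owner for every user who can execute it
#   unread  setuid file this user cannot read, so its type is unknown
# Paths containing newlines are not handled.
list_setuid() {
    dir=${1:-/usr/local/bin}   # default directory is an assumption
    find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        # Numeric owner, so the result does not depend on the passwd database.
        owner=$(ls -ldn "$f" | awk '{print $3}')
        if [ ! -r "$f" ]; then
            kind=unread
        # od prints the first two bytes as hex; 23 21 is "#!".
        elif [ "$(od -An -tx1 -N2 "$f" | tr -d ' \n')" = 2321 ]; then
            kind=script
        else
            kind=binary
        fi
        printf '%s %s %s\n' "$kind" "$owner" "$f"
    done
}

# Run as a script: sh list_setuid.sh /some/dir
if [ "$#" -gt 0 ]; then list_setuid "$1"; fi
```

Every `binary` line with owner uid 0 is a program that any local user who can execute it runs as root, so the list is worth comparing against what the system is expected to ship.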
Some options:
- read man sudoers, and register the script with sudo as not needing a password to run by you. Be careful to read the bit on visudo (and how not to get yourself locked out). If you don't, you will be back here asking how to edit the file when sudo is not working.
- re-write it in golang and use the setuid bit.
answered Mar 16 at 14:51
ctrl-alt-delor
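An added example, not part of the answers above: before a script or helper is named in a NOPASSWD rule like the ones in the first answer, check that the calling user cannot modify it, since write access to the file or to any parent directory amounts to the privilege the rule grants. The function name, its optional `owner_uid` and `top_dir` arguments, and the messages are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a path before naming it in a
# NOPASSWD rule. Prints one line per problem; returns 0 only when clean.
# Usage: audit_sudo_target /abs/path [owner_uid] [top_dir]
#   owner_uid  uid that must own the file and its directories (default 0)
#   top_dir    where the upward walk stops (default /)
# The two optional arguments are assumptions of this example so that it can
# be exercised on a scratch directory without root.

# stat(1) syntax differs: GNU first, BSD as fallback.
_owner() { stat -c %u "$1" 2>/dev/null || stat -f %u "$1"; }
_mode()  { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# True when the octal mode has the group- or other-write bit set.
_loose() { [ $(( 0$1 & 022 )) -ne 0 ]; }

audit_sudo_target() {
    target=$1; uid=${2:-0}; top=${3:-/}; bad=0
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target"; return 1 ;;
    esac
    # Policy of this example: the rule should name the real file, not a link.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "not a regular file: $target"; return 1
    fi
    p=$target
    while :; do
        # Whoever can write the file, or rename it through a parent
        # directory, effectively holds the privilege the rule grants.
        [ "$(_owner "$p")" = "$uid" ] || { echo "owner is not uid $uid: $p"; bad=1; }
        if _loose "$(_mode "$p")"; then echo "group/other-writable: $p"; bad=1; fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return "$bad"
}

# Run as a script (hypothetical path): sh audit.sh /usr/local/sbin/helper
if [ "$#" -gt 0 ]; then audit_sudo_target "$@"; fi
```

The check covers ownership and mode bits only; ACLs are not inspected. Run `visudo -c` after editing to confirm the sudoers files still parse.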