Execute shell script without password

I have a shell script with a bunch of commands, one of them needs root. I want to execute the script without entering passwords at all: neither before script nor in the middle of execution. How can I make it?

shell-script

asked Mar 16 at 14:25 by w3punk

  • Is sudo involved?

    – Jeff Schaller
    Mar 16 at 14:28

  • You can register the script with sudo. See man sudoers

    – ctrl-alt-delor
    Mar 16 at 14:33

  • @Jeff Schaller Yes

    – w3punk
    Mar 16 at 14:34



























3 Answers
sudo is a common practice to give privileges to some user.

A simple example with multiple commands: I want the user nagios to use a specific command to dump information.

    nagios ALL=(root) NOPASSWD: /usr/bin/dmidecode, /bin/netstat -ntp

Another example: you manage multiple servers, you want to deploy the same sudoers file on each, and the rule will be valid only on one server.

    nagios srvpeug1208 =(root) NOPASSWD: /usr/bin/dmidecode, /bin/netstat -ntp

This will allow nagios on srvpeu1208 to execute some commands.

answered Mar 16 at 15:17 by EchoMike444, edited Mar 16 at 19:16

  • "you can deploy only one sudoers file" This is not entirely accurate. Some *NIX distributions include the /etc/sudoers.d/ directory, which you may configure sudo to read and parse files from, which can contain additional sudo rules.

    – 0xSheepdog
    Mar 16 at 18:55

  • @0xSheepdog I rewrote my statement

    – EchoMike444
    Mar 16 at 19:17

























As others have touched on, the key thing that your script needs is to run the command that requires root permissions as root without requiring a password prompt.

This is a common problem in *nix when a user needs to run a particular command that would normally require root permissions but we don't want to give that user root permissions in general.

Unix has a general solution for this: the setuid bit. When the setuid bit is set/enabled on a binary, that binary will always run as the file owner (so if the owner of the executable file is root, it will execute as root).

To set this, make sure that the binary that requires root permission is owned by root, and then set its permissions to include the setuid bit:

    sudo chown root /path-to-binary
    sudo chmod 4755 /path-to-binary

That binary will now execute as root, without requiring a password from the calling user. Note that if you have a shell script instead of a binary you'll need to use the workaround described at "Why does setuid not work?"

This will work regardless of the user who accesses the file, so be careful. If you want to restrict this ability to only one particular user, then you can instead modify the sudoers configuration as others have suggested.

answered Mar 16 at 18:41 by Dan


































Some options:

  • Read man sudoers, and register the script with sudo as not needing a password to run by you. Be careful to read the bit on visudo (and how not to get yourself locked out). If you don't, you will be back here asking how to edit the file when sudo is not working.

  • Re-write it in golang and use the setuid bit.

answered Mar 16 at 14:51 by ctrl-alt-delor
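
One way to apply the sudoers approach from the answers above to the question's case (a script in which a single command needs root), as an added example that is not code from any of the posters: only the privileged step gets a NOPASSWD rule, and the rule is generated only if that command's file cannot be modified by a non-root account. The user `deploy`, the path `/usr/local/sbin/restart-app` and the `TRUSTED_UID` variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Hypothetical names: user "deploy", /usr/local/sbin/restart-app.
# Emits a sudoers rule that lets one user run ONE root-owned command, with no
# arguments and no password, after checking the command cannot be rewritten
# by a non-root account (which would turn the rule into unrestricted root).

TRUSTED_UID=${TRUSTED_UID:-0}   # uid that must own the command; 0 (root) in real use

# Owner uid / octal mode of a path (GNU stat first, BSD stat as fallback).
file_owner() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null; }
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# owned_and_locked PATH: owned by TRUSTED_UID, no group/other write bit.
owned_and_locked() {
    owner=$(file_owner "$1") && mode=$(file_mode "$1") || return 1
    [ "$owner" = "$TRUSTED_UID" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# target_is_safe PATH: absolute path to a regular file (not a symlink), and
# both the file and its directory pass owned_and_locked. Only the immediate
# directory is checked here; a full audit repeats the check up to /.
target_is_safe() {
    case $1 in
        /*) ;;
        *) echo "refusing relative path: $1" >&2; return 1 ;;
    esac
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "not a regular file: $1" >&2; return 1
    fi
    owned_and_locked "$1" \
        || { echo "file can be replaced by another account: $1" >&2; return 1; }
    owned_and_locked "$(dirname "$1")" \
        || { echo "directory can be modified by another account: $1" >&2; return 1; }
}

# sudoers_rule USER PATH: print the rule on stdout, or fail without output.
sudoers_rule() {
    case $1 in
        ''|*[!a-z0-9_-]*) echo "unexpected user name: $1" >&2; return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9_./-]*) echo "path has characters special to sudoers: $2" >&2; return 1 ;;
    esac
    target_is_safe "$2" || return 1
    # The trailing "" tells sudo the command may only be run with no arguments.
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$1" "$2"
}

# Typical use, as root (not executed here):
#   tmp=$(mktemp)
#   sudoers_rule deploy /usr/local/sbin/restart-app > "$tmp" \
#     && visudo -cf "$tmp" \
#     && install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/deploy
# The unprivileged script then calls only that step through sudo:
#   sudo -n /usr/local/sbin/restart-app
```

With `sudo -n` the script fails immediately instead of prompting if the rule is missing or does not match, so a misconfiguration shows up as an error rather than a hung job.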


























