Hi, I want to execute a systemd service with a deploy hook.
So I want to execute
    sudo systemctl restart flask.service
or
    systemctl restart flask.service
without a PWD prompt with user vcb.
When I edit /etc/sudoers to
    vcb ALL=NOPASSWD: ALL
it asks for a PWD anyway.
When I edit /etc/sudoers to
    vcb ALL=NOPASSWD:/bin/systemctl restart flask.service
it says I can't execute the service as root when I prompt
    systemctl restart flask.service
The systemd service starts with user vcb and group wheel.
What is the problem?
I prefer to add the second line to /etc/sudoers.d/vcb
Last edited by Morta (2023-08-09 17:50:10)
Offline
PWD is a *very* confusing abridge for "password"…
In order for sudo to have any effect you'll have to, well, use sudo
If you just run systemctl it'll check polkit and ask you for permissions this way.
    sudo systemctl restart flask.service
Offline
I'm not totally stupid. The problem is that the sudo password prompt comes anyway on every configuration.
Offline
I'm not totally stupid.
Maybe not, but your posts would have consistently misrepresented the commands you issued - and made it appear this way.
    sudo -l
Offline
    [vcb@mail root]$ sudo -l
    User vcb may run the following commands on mail:
        (vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service

    sudo cat /etc/sudoers
    [sudo] password for vcb:
    Sorry, user vcb is not allowed to execute '/usr/bin/cat /etc/sudoers' as root on mail.

    ## User privilege specification
    ##
    root ALL=(ALL:ALL) ALL
    morta ALL=(ALL:ALL) ALL
    stefan ALL=(ALL:ALL) ALL
    vcb ALL=(vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service # Also tried vcb ALL=(root) and ALL=(ALL:ALL)
Offline
Ok, I'm stupid. User vcb was not in the group wheel
Offline
This has nothing to do w/ vcb being in the wheel group.
The sudoers you posted can *obviously* not work because you're allowing vcb to execute "systemctl restart flask-vcb.service" as vcb w/o issuing a password (sudo -u vcb systemctl restart flask-vcb.service, which is pointless)
If adding it to the group wheel did anything that's likely because you've a sudoers entry " %wheel ALL=(ALL) NOPASSWD: ALL"
# Also tried vcb ALL=(root) and ALL=(ALL:ALL)
You might want to post "sudo -l" for that attempt.
Offline
    [vcb@mail /]$ sudo -l
    User vcb may run the following commands on mail:
        (ALL : ALL) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service
Offline
And what's then the output for
    [vcb@mail /]$ sudo /usr/bin/systemctl restart flask-vcb.service
Edit: if you've the %wheel rule and vcb in %wheel, this is obviously pointless, so comment the %wheel rule or remove vcb from that group (requires re-login to apply)
Last edited by seth (2023-08-09 17:28:57)
Offline
    sudo /usr/bin/systemctl restart flask-vcb
    [sudo] password for vcb:
    Sorry, user vcb is not allowed to execute '/usr/bin/systemctl restart flask-vcb' as root on mail.
#%wheel is commented out
Offline
That's not the command I suggested or you permitted.
This has to match literally, omitting ".service" is not allowed.
Offline
Ok, with .service it doesn't ask for the password!
Offline
"quelle surprise"
Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline
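The two failures diagnosed in this thread (a runas list that names vcb itself, and a unit name typed without ".service") can be checked mechanically; the following is an added Python example, not part of any post. It is a simplified model of one-line sudoers rules rather than sudo's own parser, and the function names are hypothetical.

```python
import re

# Simplified model of one-line sudoers user specs as posted in this thread:
#   user host=(runas[:group]) [NOPASSWD:] /abs/path [args...]
# Not a full sudoers parser: no aliases, wildcards, command lists or Defaults.
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^):]*)(?::[^)]*)?\)\s*)?"
    r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmd>[^#]+)"
)

# Rule lines taken from the thread (sudoers file and "sudo -l" output)
RUNAS_SELF = "vcb ALL=(vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service"
RUNAS_ANY = "vcb ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service"

def parse_rule(line):
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    runas = m["runas"]
    return {
        "user": m["user"],
        # sudo runs the command as root when no runas list is given
        "runas": [u.strip() for u in runas.split(",")] if runas is not None else ["root"],
        "nopasswd": bool(m["nopasswd"]),
        "cmd": m["cmd"].split(),
    }

def allows_without_password(line, user, target, argv):
    """True if the rule lets `user` run `argv` as `target` with no prompt."""
    r = parse_rule(line)
    if r["user"] != user or not r["nopasswd"]:
        return False
    if "ALL" not in r["runas"] and target not in r["runas"]:
        return False
    if r["cmd"] == ["ALL"]:
        return True
    # With arguments listed in the rule, the invocation must match them exactly;
    # a rule that lists only the path accepts any arguments.
    return argv == r["cmd"] if len(r["cmd"]) > 1 else argv[:1] == r["cmd"]

def lint(line):
    r, findings = parse_rule(line), []
    if r["runas"] == [r["user"]]:
        findings.append("runas is the invoking user: no privilege is granted")
    if r["nopasswd"] and r["cmd"] == ["ALL"]:
        findings.append("NOPASSWD: ALL allows any command without a password")
    elif r["nopasswd"] and len(r["cmd"]) == 1:
        findings.append("no arguments pinned: any arguments are allowed")
    return findings
```

On a real system, validate a drop-in with visudo -cf before installing it and confirm the result with sudo -l, as was done in the thread.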