
#1 2023-08-09 05:21:51

Morta
Member
Registered: 2019-07-07
Posts: 655

[SOLVED]Execute systemd service without PWD

Hi, I want to execute a systemd service with a deploy hook.

So I want to execute

sudo systemctl restart flask.service

or

systemctl restart flask.service

without a PWD prompt, as user vcb.

When I edit /etc/sudoers to

vcb     ALL=NOPASSWD: ALL

It asks for a PWD anyway.

When I edit /etc/sudoers to

vcb ALL=NOPASSWD:/bin/systemctl restart flask.service

It says I can't execute the service as root when I prompt

systemctl restart flask.service

The systemd service starts with user vcb and group wheel

What is the problem?

I prefer to add the second line to /etc/sudoers.d/vcb

Last edited by Morta (2023-08-09 17:50:10)

Offline

#2 2023-08-09 07:11:17

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

PWD is a *very* confusing abridgement for "password"…

In order for sudo to have any effect you'll have to, well, use sudo :roll:
If you just run systemctl it'll check polkit and ask you for permissions this way.

sudo systemctl restart flask.service

Offline

#3 2023-08-09 10:46:59

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

I'm not totally stupid. The problem is that the sudo password prompt comes anyway on every configuration.

Offline

#4 2023-08-09 12:23:54

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

I'm not totally stupid.

Maybe not, but your posts would have consistently misrepresented the commands you issued - and made it appear this way.

sudo -l

Offline

#5 2023-08-09 16:04:17

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

[vcb@mail root]$ sudo -l
User vcb may run the following commands on mail:
    (vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service
sudo cat /etc/sudoers
[sudo] password for vcb:
Sorry, user vcb is not allowed to execute '/usr/bin/cat /etc/sudoers' as root on mail.
## User privilege specification
##
root ALL=(ALL:ALL) ALL
morta ALL=(ALL:ALL) ALL
stefan ALL=(ALL:ALL) ALL
vcb ALL=(vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service # Also tried vcb ALL=(root) and ALL=(ALL:ALL)

Offline

#6 2023-08-09 16:47:55

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

OK, I'm stupid. User vcb was not in the group wheel.

Offline

#7 2023-08-09 17:08:54

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

This has nothing to do w/ vcb being in the wheel group.
The sudoers you posted can *obviously* not work because you're allowing vcb to execute "systemctl restart flask-vcb.service" as vcb w/o issuing a password (sudo -u vcb systemctl restart flask-vcb.service, which is pointless)

If adding it to the group wheel did anything that's likely because you've a sudoers entry " %wheel ALL=(ALL) NOPASSWD: ALL"

# Also tried vcb ALL=(root) and ALL=(ALL:ALL)

You might want to post "sudo -l" for that attempt.

Offline

#8 2023-08-09 17:25:32

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

[vcb@mail /]$ sudo -l
User vcb may run the following commands on mail:
    (ALL : ALL) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service

Offline

#9 2023-08-09 17:27:47

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

And what's then the output for

[vcb@mail /]$ sudo /usr/bin/systemctl restart flask-vcb.service

Edit: if you've the %wheel rule and vcb in %wheel, this is obviously pointless, so comment the %wheel rule or remove vcb from that group (requires re-login to apply)

Last edited by seth (2023-08-09 17:28:57)

Offline

#10 2023-08-09 17:33:58

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

sudo /usr/bin/systemctl restart flask-vcb
[sudo] password for vcb:
Sorry, user vcb is not allowed to execute '/usr/bin/systemctl restart flask-vcb' as root on mail.

#%wheel is commented out

Offline

#11 2023-08-09 17:36:19

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

That's not the command I suggested or you permitted.
This has to match literally, omitting ".service" is not allowed.

Offline
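As an added illustration (not code from any poster in this thread), the shell function below is a simplified model of the two checks discussed above: the run-as user in parentheses must cover the user sudo is asked to run as (root by default), and the command with its arguments must match the rule literally. It handles only single literal rules like the ones quoted here (no wildcards or aliases); `check_rule` and the `RULE_*` names are hypothetical.

```shell
#!/bin/sh
# Simplified model of how sudo matches one request against one sudoers rule.
# Assumption: literal commands only (no wildcards, aliases or digests).

# check_rule RULE TARGET_USER COMMAND [ARGS...]
# COMMAND must be the full path, as sudo compares it after PATH lookup.
# Prints "allow" or "deny: <reason>"; returns 0 on allow, 1 on deny.
check_rule() {
    rule=$1; target=$2; shift 2
    request="$*"

    # Run-as user: text between "(" and ")", dropping any ":group" part.
    runas=${rule#*\(}; runas=${runas%%\)*}; runas=${runas%%:*}
    runas=$(printf '%s' "$runas" | tr -d ' ')

    # Permitted command: text after "NOPASSWD:", minus a trailing comment.
    allowed=${rule#*NOPASSWD:}; allowed=${allowed%%\#*}
    allowed=$(printf '%s' "$allowed" | sed 's/^ *//; s/ *$//')

    if [ "$runas" != ALL ] && [ "$runas" != "$target" ]; then
        echo "deny: rule runs as ($runas), request is for $target"
        return 1
    fi
    if [ "$request" != "$allowed" ]; then
        echo "deny: '$request' is not literally '$allowed'"
        return 1
    fi
    echo allow
}

# Constructed rules, modelled on the sudoers lines quoted in this thread.
RULE_AS_SELF='vcb ALL=(vcb) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service'
RULE_AS_ROOT='vcb ALL=(root) NOPASSWD: /usr/bin/systemctl restart flask-vcb.service'

# 1. Run-as is vcb, but plain "sudo ..." asks for root: denied.
check_rule "$RULE_AS_SELF" root /usr/bin/systemctl restart flask-vcb.service || true
# 2. Run-as is root, but ".service" is missing from the request: denied.
check_rule "$RULE_AS_ROOT" root /usr/bin/systemctl restart flask-vcb || true
# 3. Run-as is root and the command line matches exactly: allowed.
check_rule "$RULE_AS_ROOT" root /usr/bin/systemctl restart flask-vcb.service
```

A rule that names root and one exact command line keeps the deploy user limited to that single restart, unlike a blanket `NOPASSWD: ALL` entry.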

#12 2023-08-09 17:41:39

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED]Execute systemd service without PWD

OK, with .service it doesn't ask for the password!

Offline

#13 2023-08-09 17:44:15

seth
Member
Registered: 2012-09-03
Posts: 52,282

Re: [SOLVED]Execute systemd service without PWD

"quelle surprise"

Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Offline
