[SOLVED] Allow to run some programs in sudo witout password

vladimir_1922 · 2011-10-13 20:33:14

Hello!

The problem i have is due to some commands I wish to run without having to write the password every time, as hibernate-ram, poweroff, or a custom script to change the brightness (I use a Samsung R530, and the fn keys don't work by themselves). I googled the problem, and did as it is said on the sudoers file (using visudo), but even if i think the syntax is correct, there are not any changes; it continues asking me for password. How can I fix that?

I include a copy of my sudoers file, maybe my lack of experience with sudo don't allow me to see a syntax error.

-----------------------------------------------------------------------------------------------------------------------------

# This is /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.

# Root is allowed to run all commands:
root ALL=(ALL) ALL
alvarez ALL=(ALL) ALL
alvarez ALL =(root) NOPASSWD: /usr/bin/controlbrillo

# Allow members of group wheel to run all commands:
%wheel ALL=(ALL) ALL

# Allow members of group power to shutdown and reboot the computer:
%power ALL = NOPASSWD: /sbin/shutdown,/sbin/halt,/sbin/reboot

# Allow members of group power to use hibernate and suspend:
%power ALL = NOPASSWD: /usr/sbin/pm-hibernate,/usr/sbin/pm-suspend

# Allow members of group power to change CPU frequenzy scaling governor:
%power ALL = NOPASSWD: /usr/bin/cpufreq-set

# Allow members of group network to use wvdial for call-up network connection:
%network ALL = NOPASSWD: /usr/bin/wvdial,/usr/bin/killall wvdial,/usr/bin/poff

# Allow members of group video to change screen settings catalyst driver:
%video ALL = NOPASSWD: /usr/bin/amdcccle

Thanks in advance

Last edited by vladimir_1922 (2011-10-19 23:13:45)

karol · 2011-10-13 20:45:45

What DE / WM are you using and how do you start it?

I have

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
# %sudo ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

Is your user in the 'wheel' group?

Last edited by karol (2011-10-13 20:46:39)

meph · 2011-10-13 21:19:34

Try changing this:
%power ALL = NOPASSWD: /sbin/shutdown (or likewise, whatever you want to run without password)

for this:
%power ALL=(root) NOPASSWD: /sbin/shutdown

Needless to say you need to have the user you run the script under in appropriate groups, but suppose that's not the problem.

vladimir_1922 · 2011-10-18 14:54:08

Ok, sorry for the late answer.

I run jwm which I start with the xinit script, as I mostly use the console, there it is the same, so anything to do with X.

I did as stated by Karol: %wheel ALL=(ALL) NOPASSWD: ALL, and now it works, obviously, it don't ask me password anymore, so it is quite insecure. It won't work if i try to specify concrete commands, so it is just a syntax error. Have to test ir further

Thanks for the answers!

skanky · 2011-10-18 16:54:15

You have to go from general to specific as later permissions overwrite earlier ones.
Also I *think* you have to specify the full command including options (there may be wildcards). You can create command aliases to simplify later entries.

Try something like this

Cmnd_Alias SHUTDOWN=/sbin/shutdown -h now, /sbin/shutdown -r now, /sbin/reboot

%wheel ALL=(ALL) ALL 
%power ALL=(ALL) NOPASSWD: SHUTDOWN
user ALL=(ALL) NOPASSWD: command

See man sudoers for more info (you may not have seen that as many people look at sudo and visudo man pages and miss the sudoers one - I did at first).

Last edited by skanky (2011-10-19 08:21:31)

DSpider · 2011-10-18 22:26:30

Here's what I use (single user mode), which is a little different than yours, OP:

root    ALL=(ALL) ALL
dspider ALL=(ALL) ALL

dspider ALL=NOPASSWD: /bin/mount, /bin/umount
dspider arch=NOPASSWD: /sbin/reboot, /sbin/poweroff

I'm guessing instead of "/sbin/poweroff" you could add your own command/script (path included).

"dspider@arch" -- obviously replace the user and hostname accordingly... Probably something like this:

alvarez your_hostname=NOPASSWD: /usr/bin/controlbrillo

Hope this helps.

Last edited by DSpider (2011-10-18 22:34:54)

vladimir_1922 · 2011-10-19 23:13:10

skanky wrote:

You have to go from general to specific as later permissions overwrite earlier ones.
Also I *think* you have to specify the full command including options (there may be wildcards). You can create command aliases to simplify later entries.

¡Thanks a lot to you and dspider!

The key whas on when invoke the permissons, ¡now it totally works!

I just added this at the end of sudoers, after restoring the file.

##User defined

alvarez ALL=NOPASSWD: /usr/bin/controlbrillo, /bin/mount, /bin/umount
alvarez Portatil=NOPASSWD: /sbin/reboot, /sbin/poweroff, /usr/sbin/hibernate-ram

And worked like a charm.

Arch Linux

#1 2011-10-13 20:33:14

[SOLVED] Allow to run some programs in sudo witout password

#2 2011-10-13 20:45:45

Re: [SOLVED] Allow to run some programs in sudo witout password

#3 2011-10-13 21:19:34

Re: [SOLVED] Allow to run some programs in sudo witout password

#4 2011-10-18 14:54:08

Re: [SOLVED] Allow to run some programs in sudo witout password

#5 2011-10-18 16:54:15

Re: [SOLVED] Allow to run some programs in sudo witout password

#6 2011-10-18 22:26:30

Re: [SOLVED] Allow to run some programs in sudo witout password

#7 2011-10-19 23:13:10

Re: [SOLVED] Allow to run some programs in sudo witout password

Board footer