Sudo without password

punkrockguy318 · 2004-10-15 20:07:35

How can I set it up to "sudo foobarcommand" and do it without a passwd? I keep getting syntax errors....

phrakture · 2004-10-15 20:17:45

you have to add a user and command allowed to the sudoers file... I didn't like sudo when I installed it, because I'd end up with a file and like 40 commands.... I'd run:

cd ~/blah/some/dir
sudo do_soemthing
sudo something_else
sudo another_command
sudo blahblahblah

and then every now and then I'd hit a command I needed but didn't have, edit the file and add it... when I could jsut go:

cd ~/blah/some/dir
su
password: ******
command1
command2
command3
....

no file upkeep here!

punkrockguy318 · 2004-10-15 20:21:23

Yeah, I know how to use su.. But I want to set up so that the "wheel" group can execute "updatedb" through sudo without a password. I know it's possible

phrakture · 2004-10-15 20:46:19

%wheel ALL=(updatedb) NOPASSWD: ALL

punkrockguy318 · 2004-10-15 20:53:27

that doesn't work... it needs to be /usr/bin/updatedb

phrakture · 2004-10-15 21:12:04

bah whatever... it was close enough...

punkrockguy318 · 2004-10-15 21:21:20

but it doesn't work when you change it to /usr/bin/updatedb either....

phrakture · 2004-10-15 22:42:43

hmmm see if it works without the NOPASSWD first:

%wheel ALL = (/usr/bin/updatedb) ALL

I may have the password syntax off...

cactus · 2004-10-16 03:14:48

make sure you edit the sudoers file with
visudo
instead of directly editing the sudoers file..it doesn't work otherwise. And you need to have the user be a member of the wheel group if you are setting it up by groups.

if you just want to do it for one user:
$ visudo

then edit file and add the following

username localhost=/path/to/command,/pathtoothercommands_seperatedby_commas,/bin/* root

it goes like this if I recall correctly
username host(s) = command(s)[,morecommands] user_su_targets

consult man sudoers for more information

Dusty · 2004-10-16 04:48:20

man sudoers has *got* to be nominated for the 'most confusing manpage ever' award.

Try something like this:

# Defaults specification
Defaults:username  !authenticate
  
# User privilege specification
root    ALL = (ALL) ALL
username   ALL = (ALL) ALL

The Defaults section sets up the non authentication; I assume you can do something similar with groups, but I don't know.

Dusty

cactus · 2004-10-16 08:41:25

Dusty wrote:

man sudoers has *got* to be nominated for the 'most confusing manpage ever' award.

punkrockguy318 · 2004-10-17 03:16:05

Thanks dusty... Is there anyway to be able to execute some commands without a passwd, but a passwd is needed for others?

Dusty · 2004-10-17 04:39:40

punkrockguy318 wrote:

Thanks dusty... Is there anyway to be able to execute some commands without a passwd, but a passwd is needed for others?

Yes but... I don't know exactly how... read that sudoers manpage. Um.... Start Monday morning and you may have it figured out by Friday.

You can set up different command aliases and groups and everything.

Dusty

z4ziggy · 2004-10-18 01:08:36

just a small comment about sudo with no password -
u can edit /etc/pam.d/sudo and set the following as the 1st line to allow wheel group to use sudo with no password :

auth           sufficient      pam_wheel.so trust use_uid

hope this helps,
z4ziggy

Arch Linux

#1 2004-10-15 20:07:35

Sudo without password

#2 2004-10-15 20:17:45

Re: Sudo without password

#3 2004-10-15 20:21:23

Re: Sudo without password

#4 2004-10-15 20:46:19

Re: Sudo without password

#5 2004-10-15 20:53:27

Re: Sudo without password

#6 2004-10-15 21:12:04

Re: Sudo without password

#7 2004-10-15 21:21:20

Re: Sudo without password

#8 2004-10-15 22:42:43

Re: Sudo without password

#9 2004-10-16 03:14:48

Re: Sudo without password

#10 2004-10-16 04:48:20

Re: Sudo without password

#11 2004-10-16 08:41:25

Re: Sudo without password

#12 2004-10-17 03:16:05

Re: Sudo without password

#13 2004-10-17 04:39:40

Re: Sudo without password

#14 2004-10-18 01:08:36

Re: Sudo without password

Board footer