Ubuntu: run script as root without password [closed]



Question:

I want to run a script without prompt for password. I edited /etc/sudoers file and I wrote several lines behind last one. This is my file:

#  Defaults    env_reset    # Host alias specification    # User alias specification    # Cmnd alias specification    # User privilege specification  root    ALL=(ALL:ALL) ALL    # Members of the admin group may gain root privileges  %admin ALL=(ALL) ALL    # Allow members of group sudo to execute any command  %sudo   ALL=(ALL:ALL) ALL    #includedir /etc/sudoers.d    jose ALL= NOPASSWD: /sbin/shutdown -h now  jose ALL= NOPASSWD: /sbin/shutdown -r now  jose ALL= NOPASSWD: /home/jose/sync.sh  

The script code (it works fine with password) is:

#!/bin/bash   #Filename: sync.sh    echo "Empezando sincronizar....."    ping -c 1 -t 1 172.18.2.100 > /dev/null 2> /dev/null # ping and discard output    if [ $? -eq 0 ]; then # check the exit code  echo "${ip} is up" # display the output  sudo mount -t smbfs //172.18.2.100/Downloads /home/jose/pc1  rsync -r -u -verbose /home/jose/pc1/movies/ /home/jose/Movies/  rsync -r -u -verbose /home/jose/pc1/series/ /home/jose/TV?Shows/  sudo umount /home/jose/pc1    # you could send this to a log file by using the >>pinglog.txt redirect  else  echo "${ip} is down"  fi    echo "Fin sincronizacion"  

I can shutdown and reboot without type password but when I try to run the last line, the script prompt for password. I replace the script path for "ALL" and I can run root comands without password but I can't run the mount / umount command and the script.

User belongs....

jose : jose adm dialout cdrom floppy audio video plugdev users lpadmin sambashare admin

Any help? Thanks in advance.


Solution:1

The fix

  1. In /etc/sudoers make sure the line is still there says:

    jose ALL= NOPASSWD: /home/jose/sync.sh  

    Do NOT delete that line!

  2. Optional: In your script, remove the sudos in front of every command using for exapmle:

    sed -i 's/^\(\s*\)sudo\s*/\1/g' /home/jose/sync.sh  

    This is not necessary but proofs a point. You can leave the files as it is, if you want to be able to execute it as regular user, without sudo /home/jose/sync.sh, and then be asked for a password.

  3. Run your script with:

    sudo /home/jose/sync.sh  

    sudo will not prompt you for a password. It is important to have the sudo in front of your call to the script.

Also for security reasons run the following commands on your script:

sudo chown root:root /home/jose/sync.sh  sudo chmod o-rwx /home/jose/sync.sh  

This way no one can edit your script without the root password. This important because else everyone that sits on your computer as a free and password-less method to execute commands as root.

The problem

The problem with the way you did it is, that you give permissions to run the script with root privileges but don't actually run it as root using sudo.

The only thing you run as root are the two commands that have "sudo" in front of them (which are of course umount /home/jose/pc1 and mount -t smbfs //172.18.2.100/Downloads /home/jose/pc1). But those two mount commands do NOT have root permissions (and should NOT despite pl1nk describing how you'd give them root permission in his answer), as they are not listed in /etc/sudoers to have NOPASSWD fot the user jose.


Solution:2

In /etc/sudoers (please use visudo to edit) add:

jose ALL= NOPASSWD: /bin/mount  jose ALL= NOPASSWD: /bin/umount  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »