![]() You'll use chmod u+s (read chmod(1)) when installing such a binary. However, be very careful, you could open a huge security hole.Ĭoncretely, your program should be paranoically coded (so check all arguments and the environment and outside conditions before "acting", assuming a potentially hostile user), then you could use seteuid(2) and friends (see also setreuid(2)) carefully (see also capabilities(7) & credentials(7) & execve(2).) that you have compiled into ELF binary from some C source code) -which is not a script- as root, you might consider making it setuid (and actually /bin/login, /usr/bin/sudo and /bin/su and super are all using that technique). If you want to run some binary executable (e.g. This will run the commands inside the script file without asking for a password.Īnother possibility might be to install, configure, then use the super command to run your script as super /path/to/your/script Now when running the command add sudo before it like: sudo. Replace ahmad with whatever your username is. Open the sudoers file: sudo visudo -f /etc/sudoersĪdd the following line at the end: ahmad ALL=(root) NOPASSWD: /home/ahmad/create_dir.sh Make changes so that this script doesn’t require a password. Save and exit (using :wq!)Īssign execute permissions to it using: sudo chmod u+x create_dir.sh The script will be created in the user’s home directoryĪdd some commands that only a root or sudo user can execute like creating a folder at the root directory level: mkdir /abc ![]() See comments belowĬomplete Solution: The following steps will help you achieve the desired output:Ĭreate a new script file (replace create_dir.sh with your desired script name): vim ~/create_dir.sh WARNING: This answer has been deemed insecure. Make sure that you have Defaults env_reset in /etc/sudoers or that this option is the compile-time default ( sudo sudo -V | grep env should include Reset the environment to a default set of variables). Note for readers who aren't running Ubuntu or who have changed the default sudo configuration (Ubuntu's sudo is ok by default): Running shell scripts with elevated privileges is risky, you need to start from a clean environment (once the shell has started, it's too late (see Allow setuid on shell scripts), so you need sudo to take care of that). ![]() (Don't give more permissions than the minimum required unless you've thought out the implications.) Note the use of (root), to allow the program to be run as root but not as other users. Myusername ALL = (root) NOPASSWD: /path/to/my/program Therefore, if you can execute any command with a password prompt, and you want to be able to execute a particular command without a password prompt, you need the exception last. $ cat ~/.sudopass.If there are multiple matching entries in /etc/sudoers, sudo uses the last one. Now you can reference this file to supply a password in your sudo command. A better method is to put your sudo password in a secure file. ![]() Note that the command above will show up in your terminal history, and also will be viewable by anyone looking over your shoulder. Notice we supply our password with the echo command first. As an example, we’ll run the whoami command with sudo privileges. ![]() You should also use the -k option, which will ensure that you get prompted for a password, even if you recently supplied it and have cached credentials.ġ. This relies on sudo’s -S option, which will accept input from stdin. If you don’t want to permanently disable the sudo password, you could alternatively supply the sudo password in a command. If you need to revert these changes, simply delete the line that you appended to the file. %sudo ALL=(ALL:ALL) NOPASSWD: ALLĪll done. If you would like to grant every user the ability to bypass the sudo password prompt, you’ll want to append this code instead. Save your changes and exit the file when done, and the changes will take effect immediately.ģ. At the bottom of this file, append the following line, while replacing linuxnightly with the name of your user account. Type the following command to edit the /etc/sudoers file. To avoid the sudo prompt ever showing up when you execute a sudo command, follow the instructions below.ġ. Otherwise, anyone logging into your account will have root permissions. Obligatory warning: Disabling the sudo password is a bad idea unless you’re on a test system or you’re the only user on the computer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |