I would like to execute the following command without interaction:
sudo grep -e "test" /etc/sudoers
I have tried the following method:
tester#compute:~$ echo 'clouduser' | sudo -S grep -e "test" /etc/sudoers
[sudo] password for tester: test ALL=(ALL) NOPASSWD: ALL
The problem is that I am getting the [sudo] password for tester: in front of the response.
How I can cut that part from the front of the answer?
Thanks!
I will answer to my question - maybe someone else will need it:
(echo 'clouduser' | sudo -Si >/dev/null 2>&1); sudo grep -e test /etc/sudoers
Add the following line to your /etc/sudoers file in order to turn on password-less sudo. In this case, I use john as the login account. Change to your own account id.
john ALL=(ALL:ALL) ALL
Alternatively, and perhaps better is to put that line into a file called /etc/sudoers.d/john.
Related
I'm executing a command with sudo from bash script, and I'm wondering how to prevent sudo from displaying anything on the screen
echo "mypassword" | sudo -S cp -u /scripts/.bashrc ~/ > /dev/null 2>&1
The result will be an output displaying: [sudo] password for username:
I want to hide that output..
now, before the first comment;
This isn't the safest way, since you're entering your password into the script, but this is strictly internal servers.
Run sudo --help, we can get answer from the parameter list:
-p, --prompt=prompt use the specified password prompt
Then,
echo "mypassword" | sudo -S --prompt="" cp -u /scripts/.bashrc ~/ > /dev/null 2>&1
may do the trick.
Various times in my scripts I redirect output from the terminal to a file or something. Sometimes I'll specify a user for a command but that user doesn't work on the other side of the redirect.
sudo -i
# We are now the root user.
sudo -u abc echo 'Something...' > a_file.txt
Even though the echo is done as user abc the file will be created as root user.
I understand why this is happening, what I was hoping is that someone knows a way to make it work as desired so that the file a_file.txt gets created with the owner being user abc.
You can run multiple commands in a sudo shell and then all them are going to run under the same user:
sudo -u abc sh -c 'echo sth > a_file.txt'
Or you can use tee pipe:
sudo -u abc sthRequiringSudo | sudo -u abc tee a_file.txt >/dev/null
Or you can pass your commands to a sudo shell standard input:
sudo -u abc -s <<< "echo sth >a_file.txt"
You can even have the commands in multiple lines being sent to a sudo shell standard input:
sudo -u abc -s << EOF
echo sth >a_file.txt
echo sthelse >>a_file.txt
EOF
I need to check from bash script (running with root priveledges) if another user is question can execute sudo as a dedicaite permission via 'username ALL=(ALL) NOPASSWD: ALL' in sudoers.
simple command run from a user in question easily returns 1 or 0:
sudo -n uptime 2>&1|grep 'load'|wc -l
but it always returns as empty if I change the user within script:
sudo -i -u username bash <<EOF
CAN_I_RUN_SUDO="$(sudo -n uptime 2>&1|grep 'load'|wc -l)"
echo "$CAN_I_RUN_SUDO"
whoami
EOF
Here is my full script:
sudo -i -u username bash <<EOF
whoami
CAN_I_RUN_SUDO="$(sudo -n uptime 2>&1|grep 'load'|wc -l)"
echo "$CAN_I_RUN_SUDO"
EOF
if [ ${CAN_I_RUN_SUDO} -gt 0 ]
then
echo "I can run the Sudo command. No need to change sudoers"
else
echo "I can't run the Sudo command. Added to Sudoers."
sh -c "echo \"username ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers"
fi
However, $CAN_I_RUN_SUDO is always returns empty (rather then 0 or 1) when I run it as a script. :-( so condition always fails.
I obviously missing something, but can't see it. Could you please help me?
Instead of grepping for output, you may be able to just check the return value of sudo:
if sudo -i -u username sudo -n uptime 2>&1; then
echo "I can run the Sudo command. No need to change sudoers"
else
echo "I can't run the Sudo command. Added to Sudoers."
echo "username ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
fi
If I may, my unrelated security advice would be to avoid automatically adding users to the sudoers file.
I am trying to update the crontab file of 1000+ systems using a for loop from jump host.
The below doesn't work.
echo -e 'pass365\!\n' | sudo -S echo 'hello' >> /var/spool/cron/root
-bash: /var/spool/cron/root: Permission denied
I do have (ALL) ALL in the sudoers file.
This is another solution;
echo 'pass365\!' | sudo -S bash -c 'echo "hello">> /var/spool/cron/root'
The below worked for me.
echo 'pass365\!' | sudo -S echo 'hello' | sudo -S tee -a /var/spool/cron/root > /dev/null
Problem 1: You are trying to send the password via echo to sudo.
Problem 2: You can't use shell redirection in a sudo command like that.
Between the two of these, consider setting up ssh public key authorization and doing
ssh root#host "echo 'hello' \>\> /var/spool/cron/root"
You may eventually get sudo working but it will be so much more pain than this.
I am trying to write a script that appends a line to the /etc/hosts, which means I need sudoer privileges. However, if I run the script from the desktop it does not prompt for a password. I simply get permission denied.
Example script:
#!/bin/bash
sudo echo '131.253.13.32 www.google.com' >> /etc/hosts
dscacheutil -flushcache
A terminal pops up and says permission denied, but never actually prompts for the sudo password. Is there a way to fix this?
sudo doesn't apply to the redirection operator. You can use either echo | sudo tee -a or sudo bash -c 'echo >>':
echo 131.253.13.32 www.google.com | sudo tee -a /etc/hosts
sudo bash -c 'echo 131.253.13.32 www.google.com >> /etc/hosts'
What you are doing here is effectively:
Switch to root, and run echo
Switch back to yourself and try to append the output of sudo onto
/etc/hosts
That doesn't work because you need to be root when you're appending to /etc/hosts, not when you're running echo.
The simplest way to do this is
sudo bash -c "sudo echo '131.253.13.32 www.google.com' >> /etc/hosts"
which will run bash itself as root. However, that's not particularly safe, since you're now invoking a shell as root, which could potentially do lots of nasty stuff (in particular, it will execute the contents of the file whose name is in the environment variable BASH_ENV, if there is one. So you might prefer to do this a bit more cautiously:
sudo env -i bash -c "sudo echo '131.253.13.32 www.google.com' >> /etc/hosts"