• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3849
  • Last Modified:

sudo: no tty present and no askpass program specified

I'm stuck. Our Oracle DBA has a script (see code below) which triggers a transport script (from another user's account) to transfer the file over to an external server using the local ch33data userid. However, the message that keeps appearing if the script is run via cron:

sudo: no tty present and no askpass program specified

In the /etc/sudoers file, I have commented out the "Default requiretty" and added the following for the oracle userid:

# Allow user oracle to run commands specified
oracle          ALL=(ch33data) /bin/sh, /bin/*, /home/ch33data/bin/*

# Execute the Materialized Views Refresh, Export, Zip, and Transfer scripts.

set -x
. ~/.bash_profile > /dev/null

### Setting ORACLE_SID
dblist=`cat /etc/oratab | grep -v "#" | awk -F: '{ print $1 }'`
for sid in $dblist;
    echo "ORACLE SID: " $sid
    export ORACLE_SID=$sid
    . ~/${ORACLE_SID}.env > /dev/null

dtStamp=`date +%m%d%y`
# LOG_DIR= --set in profile
exec > ${EXEC_LOG} 2>&1


# Transfer compressed PAI data to FTP server.
sudo -u ch33data /home/ch33data/bin/pai_exp_mview_transfer.sh >> ${EXEC_LOG}

# Report success or failure for file transference
if [ ${STATUS} -ne 0 ]; then
  echo "subject:FAILED PAI File Transfer."  | cat - $SCRIPT_DIR/emailDist/testHeader.txt ${EXEC_LOG} | /usr/sbin/sendmail -t
  exit 1

echo "subject:SUCCEEDED $ORACLE_SID PAI Transfer."  | cat - $SCRIPT_DIR/emailDist/testHeader.txt ${EXEC_LOG} | /usr/sbin/sendmail -t

Open in new window

Michael Worsham
Michael Worsham
  • 2
2 Solutions
Unfortunately, there are still problems with your sudo file, you need to use NOPASSWD option since script cannot enter password and the second thing is that sudo is very literal.  It would not accept globbing.  You  need to enter the entire commands.

oracle          ALL=(ch33data) /bin/sh, /bin/*, /home/ch33data/bin/*

You need to use
oracle        ALL=(ch33data)       NOPASSWD: /home/ch33data/bin/scriptname
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
Actually, the following became the solution after I did a bit more research:

## External PAI Server
Runas_Alias PAI = ch33data

#Defaults    requiretty
oracle          ALL = (PAI) NOPASSWD: /bin/sh, /bin/*, /home/ch33data/bin/*

Open in new window

Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
First I tried the following:

oracle          ALL = (ch33data) NOPASSWD: /bin/sh, /bin/*, /home/ch33data/bin/*

But ‘visudoers’ command had a hissy fit over it (i.e. would not allow the file to save as it found a syntax error).

I found that the Runas_Alias was what was needed, then the visudoers command allowed the variables to be saved.

Reference site: http://www.gratisoft.us/sudo/sudoers.man.html
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now