[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3666
  • Last Modified:

sudo: no tty present and no askpass program specified

I'm stuck. Our Oracle DBA has a script (see code below) which triggers a transport script (from another user's account) to transfer the file over to an external server using the local ch33data userid. However, the message that keeps appearing if the script is run via cron:

sudo: no tty present and no askpass program specified

In the /etc/sudoers file, I have commented out the "Default requiretty" and added the following for the oracle userid:

# Allow user oracle to run commands specified
oracle          ALL=(ch33data) /bin/sh, /bin/*, /home/ch33data/bin/*

#!/bin/sh
# Execute the Materialized Views Refresh, Export, Zip, and Transfer scripts.

set -x
. ~/.bash_profile > /dev/null

### Setting ORACLE_SID
dblist=`cat /etc/oratab | grep -v "#" | awk -F: '{ print $1 }'`
for sid in $dblist;
  do
    echo "ORACLE SID: " $sid
    export ORACLE_SID=$sid
    . ~/${ORACLE_SID}.env > /dev/null
  done

dtStamp=`date +%m%d%y`
# LOG_DIR= --set in profile
EXEC_LOG=${LOG_DIR}/ch33_mview.${dtStamp}.exec.${ORACLE_SID}.log
exec > ${EXEC_LOG} 2>&1

echo "ORACLE_SID is " $ORACLE_SID > ${EXEC_LOG}

# Transfer compressed PAI data to FTP server.
sudo -u ch33data /home/ch33data/bin/pai_exp_mview_transfer.sh >> ${EXEC_LOG}

# Report success or failure for file transference
if [ ${STATUS} -ne 0 ]; then
  echo "subject:FAILED PAI File Transfer."  | cat - $SCRIPT_DIR/emailDist/testHeader.txt ${EXEC_LOG} | /usr/sbin/sendmail -t
  exit 1
fi

echo "subject:SUCCEEDED $ORACLE_SID PAI Transfer."  | cat - $SCRIPT_DIR/emailDist/testHeader.txt ${EXEC_LOG} | /usr/sbin/sendmail -t

Open in new window

0
Michael Worsham
Asked:
Michael Worsham
  • 2
2 Solutions
 
farzanjCommented:
Unfortunately, there are still problems with your sudo file, you need to use NOPASSWD option since script cannot enter password and the second thing is that sudo is very literal.  It would not accept globbing.  You  need to enter the entire commands.

oracle          ALL=(ch33data) /bin/sh, /bin/*, /home/ch33data/bin/*

You need to use
oracle        ALL=(ch33data)       NOPASSWD: /home/ch33data/bin/scriptname
0
 
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
Actually, the following became the solution after I did a bit more research:


## External PAI Server
Runas_Alias PAI = ch33data

#Defaults    requiretty
oracle          ALL = (PAI) NOPASSWD: /bin/sh, /bin/*, /home/ch33data/bin/*

Open in new window

0
 
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
First I tried the following:

oracle          ALL = (ch33data) NOPASSWD: /bin/sh, /bin/*, /home/ch33data/bin/*

But ‘visudoers’ command had a hissy fit over it (i.e. would not allow the file to save as it found a syntax error).

I found that the Runas_Alias was what was needed, then the visudoers command allowed the variables to be saved.

Reference site: http://www.gratisoft.us/sudo/sudoers.man.html
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now