Linux executing sudo without password

Hi,

I am executing a sudo blah blah command through perl script on the linux ubuntu 10.11 shell. Everytime it asks me for a password for user anand.
I tried editing the sudoers file in /etc/sudoers and the file looks as shown below.

#!/usr/local/bin/perl

use strict;
use warnings;

my $dir = '/home/anand/exinda/automate/tests/SwiftTest//tc001246/Automation/Results';

opendir DIR, $dir or die "could not open $dir dir: $!";
#my @dirs = grep { -d $_ } readdir DIR;
my @dirs = readdir DIR;
closedir DIR;

foreach my $d((@dirs)) {
    if ($d eq ".." || $d eq ".") {
        next;
    }

    opendir DIR, "$dir/$d" or die "could not open $dir/$d dir: $!";
    my @files = readdir DIR;
    closedir DIR;
    print "found the files:\n", join("\n", @files), "\n";
}

This works in the same terminal. However if i open a different again it prompts me for a password. How do i get rid of this password pormpt everytime.

Kindly help.

Regards,
Anand.

anand_sridharanAsked:
Who is Participating?
 
anand_sridharanAuthor Commented:
Ok then.. Looks like I have to think someother way out.. thanks for all your help..

-A-
0
 
Joseph GanSystem AdminCommented:
This looks not the sudoers file to me. This looks like a perl script.

Normally you need to put user anand in /etc/sudoers, ie.

anand   ALL=(ALL)  ALL
0
 
anand_sridharanAuthor Commented:
OOOOps... sorry about that..


# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults    env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
anand   ALL=NOPASSWD: ALL

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
arnoldCommented:
can you run id anand?
If you are a member of multiple groups (sudo,admin), you will be prompted for a password because of the settings for these groups which require a password.

0
 
anand_sridharanAuthor Commented:
Here is the output of "id" command

anand@anand-OptiPlex-980:~$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root),119(admin)

So should I remove anand from any of the groups?

- A -
0
 
Joseph GanSystem AdminCommented:
You are in "root" and "admin" groups, so you should remove "anand   ALL=NOPASSWD: ALL" in /etc/sudoers file.
0
 
anand_sridharanAuthor Commented:
Ganjos,

That didn't work.  I removed and tried from another linux terminal but it's asking for password. Thanks.

-A-
0
 
Joseph GanSystem AdminCommented:
In new terminal you need to enter password once, then rest should be passwd free. Is that correct?
0
 
arnoldCommented:
Are you using visudo (/usr/sbin/visudo) to make the changes to the configuration?

I thought you may need to, but tested it and it seems that the more specific (per user) overrides the group (%groupname)
altough the user with which I was testing has a UID < 1000.
0
 
Joseph GanSystem AdminCommented:
Try this:

anand  ALL = (root) NOPASSWD: ALL
0
 
anand_sridharanAuthor Commented:
Hi,

Ok.. What I am trying to achieve is..In my test automation whenever I kick off a test on my linux (ubuntu) box the tests should start running without asking for password. Not even once. To kck of a test case I issue a sudo command through perl script which prompts me for password presently.

I tried editing throgh visudo i couldn't achieve this.

I tried the ganjos solution I couldnt' achieve this. Is this achievable at all.

-A-
0
 
florjanCommented:
anand ALL=(ALL) ALL NO PASSWD: ALL
Does this work?
0
 
simon3270Commented:
I've just added the following to sudoers:

   simon ALL=(ALL) NOPASSWD: ALL

on Ubuntu 10.04 and it lets me (username = "simon") run commands without a password.

It might be worth moving the line to the bottom of the file.
0
 
simon3270Commented:
By the way, please do this through visudo, not by editing the sudoers file directly - visudo not only locks the file so that only one person can edit it at a time, but it also validates the contents before it tries to use them.
0
 
arnoldCommented:
Since you have sudo rights, it is wasteful then not to elevate your rights and configure/setup the test script to run as root from the get go as opposed to start with a limited/restricted user and then run sudo to elevate ones rights.

If you have access to both a truck and a small car, you would pick one to do the job, you would not start with the car and then sometime through the process switch to the truck.

0
 
simon3270Commented:
If I had access to a whittling knife and a chainsaw, I'd use the chainsaw to chop the tree into chunks, and the knife to carve a chunk into a duck.  Being root for longer than necessary is like trying to whittle with a chainsaw.  (Yes, I know that there are people who whittle with a chainsaw, but it is very difficult, takes a long time to get it right, and it is so easy to end up with a headless duck!)
0
 
arnoldCommented:
Simon, was that meant to counter my analogy?
administrative scripts/tasks should be run with administrative rights.
Or as the user that has access to the data which all can be setup without the need to run a script as the admin and then elevate rights for individual tasks.
I'll skip another analogy and spare you ......

0
 
simon3270Commented:
Your second point is the same as my analogy - do as many things as a normal user as you can, then become root to perform tasks which need to be root.
0
 
anand_sridharanAuthor Commented:
Hi,

So how do I run a command as root instead of user "anand" in my case?

-A-
0
 
arnoldCommented:
What is the command that you want to run?
What is the task that you want the script to perform?
0
 
anand_sridharanAuthor Commented:
Currently from my perl script i issue a command as follows


$ret = system("sudo ./execute_tests");

When perl hits this statement I am prompted for a password Since there was a suggestion earlier from one of you to run this command as root, I wanted to know how to do the same. There is only one user in my system which is me (anand). I want to trigger the test cases without the need for typing a password. Am I still confusing you? Please let me know.

-A-
0
 
arnoldCommented:
Why not run the execute_tests from cron of a root user?
If you want to see the output, you may want to either log to a file where your user can view it, or into a database(mysql) etc.

A sudo with nopasswd, is a security risk given that anyone who gets to the terminal and runs sudo bash gets elevated shell, you could create a separate user with no password, but restricted to running a specific task, i.e. execute_tests.
0
 
simon3270Commented:
You could still use sudo, but replace the last ALL on the line with a list of the commands that you want to allow.  For example, I had this when I was experimenting with sudo a while ago:

  simon ALL=(ALL) NOPASSWD: /usr/bin/vi, /home/simon/execute.sh

You have to be careful which commands you allow - if, for example, you do allow /usr/bin/vi, the user can get a shell by just entering :sh when they are in vi.  Also put the full path in - when sudo tries to find the command it is running, it uses a minimal PATH, so wouldn't find the execute.sh here - specify it as "sudo /home/simon/execute.sh".
0
 
anand_sridharanAuthor Commented:
Hi,

Whatever I do it looks like I will be prompted for password atleast once. All the options work only if I run the command in the same window. If I open a different terminal and then I am prompted for password. Not sure how to avoid this. May be if I don't get any solution today I will close this question. Thanks to everyone.

-A-
0
 
Joseph GanSystem AdminCommented:
Sound is normal to me, ie. if you run as user first teim in a terminal, will prompt you password once. Because this is a security enhancement, if the user be compermised, the account can run anything as root on ther server. However, if run command/script as root, shouldn't need any password.
0
 
anand_sridharanAuthor Commented:
Hi,

So how to run this command as a root. I have only one user account in my ubuntu.

Regards,
Anand.
0
 
Joseph GanSystem AdminCommented:
From
$ sudo command/script.sh
To
# command/script.sh
0
 
anand_sridharanAuthor Commented:
Hi,
I guess I wasn't clear with my previous question.  How do I log in as root? I don't know what is the password for root if I do a su command? I am a little new to linux administration so please excuse me if I am being silly. :)

Currently my login prompt is ....$> ..How do I get the # prompt without issuing a su command


-A-
0
 
Joseph GanSystem AdminCommented:
I thought you have a "root" password from your last "id" command:
$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root),119(admin)

You login as yourself, ie anand, then
$ /bin/su -

To root, you need root password. Then will give you
#
0
 
anand_sridharanAuthor Commented:
But I don't know what is my root password. I don't remember setting one. I set just one user name in  my ubuntu linux 10.10.

0
 
Joseph GanSystem AdminCommented:
You either need to recover root password, or run sudo as a user.
0
 
simon3270Commented:
Anad,

Just to make sure we haven't missed anything, could you please post your current /etc/sudoers file?

Thanks,
Simon
0
 
simon3270Commented:
The other thing to check is your /etc/pam.d/sudo file (if you have one) - that may require at least one password per session.
0
 
anand_sridharanAuthor Commented:
My sudoers file below:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
anand  ALL =(ALL) NOPASSWD: /home/anand/test/run.exe


# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
0
 
Joseph GanSystem AdminCommented:
One more thing to try:

$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root),119(admin)

Add your gid to admin group, and change last line of /etc/sudoers file to be:

%admin ALL =(ALL) NOPASSWD: /home/anand/test/run.exe



0
 
anand_sridharanAuthor Commented:
Hi,

Sorry but how do I add my gid to admin group?

-A-
0
 
Joseph GanSystem AdminCommented:
useradd -G admin -u anand
0
 
anand_sridharanAuthor Commented:
I am getting this error message

anand@anand-OptiPlex-980:~$ id
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root),119(admin)
anand@anand-OptiPlex-980:~$ useradd -G admin -u anand
useradd: invalid user ID 'anand'
anand@anand-OptiPlex-980:~$
0
 
Joseph GanSystem AdminCommented:
useradd -G admin -u 1000
0
 
anand_sridharanAuthor Commented:
Still I am not getting the desired result. It displays me the help menu...


anand@anand-OptiPlex-980:~$ useradd -G admin -u 1000
Usage: useradd [options] LOGIN

Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping

anand@anand-OptiPlex-980:~$

0
 
Joseph GanSystem AdminCommented:
Who created your account and sudoers file?
0
 
Joseph GanSystem AdminCommented:
useradd -G admin anand
0
 
anand_sridharanAuthor Commented:
nand@anand-OptiPlex-980:~$ useradd -G admin anand
useradd: user 'anand' already exists
anand@anand-OptiPlex-980:~$

I created user anand when I installed ubuntu 10.10. Sudoers file was there already after installation.
0
 
Joseph GanSystem AdminCommented:
Is there "root" account when you installed, recover root password is easy. Just boot the server from installation CD/DVD in "recover" mode, mount the /root partition to /mnt. Then remove root password in /mnt/etc/shadow and save. Then reboot you machin, you have a root account without password.
0
 
anand_sridharanAuthor Commented:
Yes. root account is there but asking for some password which I never set up when i say "su". Let me try and get back to you.

But isn't a root account without a password dangerous? Is there a way to reset the password rather than a password-less root account?
0
 
Joseph GanSystem AdminCommented:
Once you recovered, after you login, just reset root password as:
# passwd root
0
 
arnoldCommented:
Your account anand, is limited to running one command, your rights are derived from the admin group.
Change
%admin ALL=NOPASSWD: ALL
And you will no longer be prompted for a password.
The default for root after install is not to have a password i.e. sudo bash; grep root /etc/passwd and /etc/shadow will likely reflect !!. You can set the root's password in the elevated mode using passwd root.
There is no point in trying to recover a password that was not set.
0
 
anand_sridharanAuthor Commented:
Hurray!!! This worked. Thankyou Arnold.. Now I can execute the command without password in any terminal. Thanks for all your help.
0
 
anand_sridharanAuthor Commented:
I wish I had other another alternative solution to achieve what I wanted to. Looks like I have to dig it out from somewhere.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.