anand_sridharan
asked on
Linux executing sudo without password
Hi,
I am executing a sudo blah blah command through perl script on the linux ubuntu 10.11 shell. Everytime it asks me for a password for user anand.
I tried editing the sudoers file in /etc/sudoers and the file looks as shown below.
#!/usr/local/bin/perl
use strict;
use warnings;
my $dir = '/home/anand/exinda/automa te/tests/S wiftTest// tc001246/A utomation/ Results';
opendir DIR, $dir or die "could not open $dir dir: $!";
#my @dirs = grep { -d $_ } readdir DIR;
my @dirs = readdir DIR;
closedir DIR;
foreach my $d((@dirs)) {
if ($d eq ".." || $d eq ".") {
next;
}
opendir DIR, "$dir/$d" or die "could not open $dir/$d dir: $!";
my @files = readdir DIR;
closedir DIR;
print "found the files:\n", join("\n", @files), "\n";
}
This works in the same terminal. However if i open a different again it prompts me for a password. How do i get rid of this password pormpt everytime.
Kindly help.
Regards,
Anand.
I am executing a sudo blah blah command through perl script on the linux ubuntu 10.11 shell. Everytime it asks me for a password for user anand.
I tried editing the sudoers file in /etc/sudoers and the file looks as shown below.
#!/usr/local/bin/perl
use strict;
use warnings;
my $dir = '/home/anand/exinda/automa
opendir DIR, $dir or die "could not open $dir dir: $!";
#my @dirs = grep { -d $_ } readdir DIR;
my @dirs = readdir DIR;
closedir DIR;
foreach my $d((@dirs)) {
if ($d eq ".." || $d eq ".") {
next;
}
opendir DIR, "$dir/$d" or die "could not open $dir/$d dir: $!";
my @files = readdir DIR;
closedir DIR;
print "found the files:\n", join("\n", @files), "\n";
}
This works in the same terminal. However if i open a different again it prompts me for a password. How do i get rid of this password pormpt everytime.
Kindly help.
Regards,
Anand.
ASKER
OOOOps... sorry about that..
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
anand ALL=NOPASSWD: ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
anand ALL=NOPASSWD: ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
can you run id anand?
If you are a member of multiple groups (sudo,admin), you will be prompted for a password because of the settings for these groups which require a password.
If you are a member of multiple groups (sudo,admin), you will be prompted for a password because of the settings for these groups which require a password.
ASKER
Here is the output of "id" command
anand@anand-OptiPlex-980:~ $ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root) ,119(admin )
So should I remove anand from any of the groups?
- A -
anand@anand-OptiPlex-980:~
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root)
So should I remove anand from any of the groups?
- A -
You are in "root" and "admin" groups, so you should remove "anand ALL=NOPASSWD: ALL" in /etc/sudoers file.
ASKER
Ganjos,
That didn't work. I removed and tried from another linux terminal but it's asking for password. Thanks.
-A-
That didn't work. I removed and tried from another linux terminal but it's asking for password. Thanks.
-A-
In new terminal you need to enter password once, then rest should be passwd free. Is that correct?
Are you using visudo (/usr/sbin/visudo) to make the changes to the configuration?
I thought you may need to, but tested it and it seems that the more specific (per user) overrides the group (%groupname)
altough the user with which I was testing has a UID < 1000.
I thought you may need to, but tested it and it seems that the more specific (per user) overrides the group (%groupname)
altough the user with which I was testing has a UID < 1000.
Try this:
anand ALL = (root) NOPASSWD: ALL
anand ALL = (root) NOPASSWD: ALL
ASKER
Hi,
Ok.. What I am trying to achieve is..In my test automation whenever I kick off a test on my linux (ubuntu) box the tests should start running without asking for password. Not even once. To kck of a test case I issue a sudo command through perl script which prompts me for password presently.
I tried editing throgh visudo i couldn't achieve this.
I tried the ganjos solution I couldnt' achieve this. Is this achievable at all.
-A-
Ok.. What I am trying to achieve is..In my test automation whenever I kick off a test on my linux (ubuntu) box the tests should start running without asking for password. Not even once. To kck of a test case I issue a sudo command through perl script which prompts me for password presently.
I tried editing throgh visudo i couldn't achieve this.
I tried the ganjos solution I couldnt' achieve this. Is this achievable at all.
-A-
anand ALL=(ALL) ALL NO PASSWD: ALL
Does this work?
Does this work?
I've just added the following to sudoers:
simon ALL=(ALL) NOPASSWD: ALL
on Ubuntu 10.04 and it lets me (username = "simon") run commands without a password.
It might be worth moving the line to the bottom of the file.
simon ALL=(ALL) NOPASSWD: ALL
on Ubuntu 10.04 and it lets me (username = "simon") run commands without a password.
It might be worth moving the line to the bottom of the file.
By the way, please do this through visudo, not by editing the sudoers file directly - visudo not only locks the file so that only one person can edit it at a time, but it also validates the contents before it tries to use them.
Since you have sudo rights, it is wasteful then not to elevate your rights and configure/setup the test script to run as root from the get go as opposed to start with a limited/restricted user and then run sudo to elevate ones rights.
If you have access to both a truck and a small car, you would pick one to do the job, you would not start with the car and then sometime through the process switch to the truck.
If you have access to both a truck and a small car, you would pick one to do the job, you would not start with the car and then sometime through the process switch to the truck.
If I had access to a whittling knife and a chainsaw, I'd use the chainsaw to chop the tree into chunks, and the knife to carve a chunk into a duck. Being root for longer than necessary is like trying to whittle with a chainsaw. (Yes, I know that there are people who whittle with a chainsaw, but it is very difficult, takes a long time to get it right, and it is so easy to end up with a headless duck!)
Simon, was that meant to counter my analogy?
administrative scripts/tasks should be run with administrative rights.
Or as the user that has access to the data which all can be setup without the need to run a script as the admin and then elevate rights for individual tasks.
I'll skip another analogy and spare you ......
administrative scripts/tasks should be run with administrative rights.
Or as the user that has access to the data which all can be setup without the need to run a script as the admin and then elevate rights for individual tasks.
I'll skip another analogy and spare you ......
Your second point is the same as my analogy - do as many things as a normal user as you can, then become root to perform tasks which need to be root.
ASKER
Hi,
So how do I run a command as root instead of user "anand" in my case?
-A-
So how do I run a command as root instead of user "anand" in my case?
-A-
What is the command that you want to run?
What is the task that you want the script to perform?
What is the task that you want the script to perform?
ASKER
Currently from my perl script i issue a command as follows
$ret = system("sudo ./execute_tests");
When perl hits this statement I am prompted for a password Since there was a suggestion earlier from one of you to run this command as root, I wanted to know how to do the same. There is only one user in my system which is me (anand). I want to trigger the test cases without the need for typing a password. Am I still confusing you? Please let me know.
-A-
$ret = system("sudo ./execute_tests");
When perl hits this statement I am prompted for a password Since there was a suggestion earlier from one of you to run this command as root, I wanted to know how to do the same. There is only one user in my system which is me (anand). I want to trigger the test cases without the need for typing a password. Am I still confusing you? Please let me know.
-A-
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Whatever I do it looks like I will be prompted for password atleast once. All the options work only if I run the command in the same window. If I open a different terminal and then I am prompted for password. Not sure how to avoid this. May be if I don't get any solution today I will close this question. Thanks to everyone.
-A-
Whatever I do it looks like I will be prompted for password atleast once. All the options work only if I run the command in the same window. If I open a different terminal and then I am prompted for password. Not sure how to avoid this. May be if I don't get any solution today I will close this question. Thanks to everyone.
-A-
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
So how to run this command as a root. I have only one user account in my ubuntu.
Regards,
Anand.
So how to run this command as a root. I have only one user account in my ubuntu.
Regards,
Anand.
From
$ sudo command/script.sh
To
# command/script.sh
$ sudo command/script.sh
To
# command/script.sh
ASKER
Hi,
I guess I wasn't clear with my previous question. How do I log in as root? I don't know what is the password for root if I do a su command? I am a little new to linux administration so please excuse me if I am being silly. :)
Currently my login prompt is ....$> ..How do I get the # prompt without issuing a su command
-A-
I guess I wasn't clear with my previous question. How do I log in as root? I don't know what is the password for root if I do a su command? I am a little new to linux administration so please excuse me if I am being silly. :)
Currently my login prompt is ....$> ..How do I get the # prompt without issuing a su command
-A-
I thought you have a "root" password from your last "id" command:
$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root) ,119(admin )
You login as yourself, ie anand, then
$ /bin/su -
To root, you need root password. Then will give you
#
$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root)
You login as yourself, ie anand, then
$ /bin/su -
To root, you need root password. Then will give you
#
ASKER
But I don't know what is my root password. I don't remember setting one. I set just one user name in my ubuntu linux 10.10.
You either need to recover root password, or run sudo as a user.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Anad,
Just to make sure we haven't missed anything, could you please post your current /etc/sudoers file?
Thanks,
Simon
Just to make sure we haven't missed anything, could you please post your current /etc/sudoers file?
Thanks,
Simon
The other thing to check is your /etc/pam.d/sudo file (if you have one) - that may require at least one password per session.
ASKER
My sudoers file below:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
anand ALL =(ALL) NOPASSWD: /home/anand/test/run.exe
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
anand ALL =(ALL) NOPASSWD: /home/anand/test/run.exe
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
One more thing to try:
$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root) ,119(admin )
Add your gid to admin group, and change last line of /etc/sudoers file to be:
%admin ALL =(ALL) NOPASSWD: /home/anand/test/run.exe
$ id anand
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root)
Add your gid to admin group, and change last line of /etc/sudoers file to be:
%admin ALL =(ALL) NOPASSWD: /home/anand/test/run.exe
ASKER
Hi,
Sorry but how do I add my gid to admin group?
-A-
Sorry but how do I add my gid to admin group?
-A-
useradd -G admin -u anand
ASKER
I am getting this error message
anand@anand-OptiPlex-980:~ $ id
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root) ,119(admin )
anand@anand-OptiPlex-980:~ $ useradd -G admin -u anand
useradd: invalid user ID 'anand'
anand@anand-OptiPlex-980:~ $
anand@anand-OptiPlex-980:~
uid=1000(anand) gid=1000(anand) groups=1000(anand),0(root)
anand@anand-OptiPlex-980:~
useradd: invalid user ID 'anand'
anand@anand-OptiPlex-980:~
useradd -G admin -u 1000
ASKER
Still I am not getting the desired result. It displays me the help menu...
anand@anand-OptiPlex-980:~ $ useradd -G admin -u 1000
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
anand@anand-OptiPlex-980:~ $
anand@anand-OptiPlex-980:~
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-D, --defaults print or change default useradd configuration
-e, --expiredate EXPIRE_DATE expiration date of the new account
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new
account
-G, --groups GROUPS list of supplementary groups of the new
account
-h, --help display this help message and exit
-k, --skel SKEL_DIR use this alternative skeleton directory
-K, --key KEY=VALUE override /etc/login.defs defaults
-l, --no-log-init do not add the user to the lastlog and
faillog databases
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-N, --no-user-group do not create a group with the same name as
the user
-o, --non-unique allow to create users with duplicate
(non-unique) UID
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
anand@anand-OptiPlex-980:~
Who created your account and sudoers file?
useradd -G admin anand
ASKER
nand@anand-OptiPlex-980:~$ useradd -G admin anand
useradd: user 'anand' already exists
anand@anand-OptiPlex-980:~ $
I created user anand when I installed ubuntu 10.10. Sudoers file was there already after installation.
useradd: user 'anand' already exists
anand@anand-OptiPlex-980:~
I created user anand when I installed ubuntu 10.10. Sudoers file was there already after installation.
Is there "root" account when you installed, recover root password is easy. Just boot the server from installation CD/DVD in "recover" mode, mount the /root partition to /mnt. Then remove root password in /mnt/etc/shadow and save. Then reboot you machin, you have a root account without password.
ASKER
Yes. root account is there but asking for some password which I never set up when i say "su". Let me try and get back to you.
But isn't a root account without a password dangerous? Is there a way to reset the password rather than a password-less root account?
But isn't a root account without a password dangerous? Is there a way to reset the password rather than a password-less root account?
Once you recovered, after you login, just reset root password as:
# passwd root
# passwd root
Your account anand, is limited to running one command, your rights are derived from the admin group.
Change
%admin ALL=NOPASSWD: ALL
And you will no longer be prompted for a password.
The default for root after install is not to have a password i.e. sudo bash; grep root /etc/passwd and /etc/shadow will likely reflect !!. You can set the root's password in the elevated mode using passwd root.
There is no point in trying to recover a password that was not set.
Change
%admin ALL=NOPASSWD: ALL
And you will no longer be prompted for a password.
The default for root after install is not to have a password i.e. sudo bash; grep root /etc/passwd and /etc/shadow will likely reflect !!. You can set the root's password in the elevated mode using passwd root.
There is no point in trying to recover a password that was not set.
ASKER
Hurray!!! This worked. Thankyou Arnold.. Now I can execute the command without password in any terminal. Thanks for all your help.
ASKER
I wish I had other another alternative solution to achieve what I wanted to. Looks like I have to dig it out from somewhere.
Normally you need to put user anand in /etc/sudoers, ie.
anand ALL=(ALL) ALL