15

I am writing a bash script to perform a daily backup. This script will ultimately run automatically every morning (cron or systemd).

What I would like to accomplish is

  1. Stop myservice
  2. Perform backup procedures
  3. Start myservice

The bash script I have created looks something like this:

# Stop myservice
systemctl stop myservice.service

# Do all the backing up here...

# Start myservice
systemctl start myservice.service

The issue I am having is that when I run this script, it requires my password during the systemctl stop/start calls. If this is to run automatically, obviously it can't require a password every time. How do I run this script automatically without requiring this password?

Ubuntu 18.04

Thanks!

muru
  • 197,895
  • 55
  • 485
  • 740
noslenkwah
  • 263
  • 1
  • 5
  • 8

3 Answers3

17

You have multiple possibilities, depending on your needs and preferences.

An apparent approach …

… would be to run the whole script as user root by adding it to root's crontab (using sudo crontab -e). It won't need any password then when systemctl stop/start myservice.service is run. The downside is that you may need to run the backup tasks as another user (say noslenkwah) and have to switch to that other user for the backup. Example:

# Stop myservice
systemctl stop myservice.service

# Do all the backing up here...
# ... and run the backup_command as user "otheruser":
sudo -u noslenkwah /path/to/backup_command --with --some --options

# Start myservice
systemctl start myservice.service

Another approach …

… would be to add the systemctl commands to a file in the /etc/sudoers.d directory so that a specific user may run them without supplying a password.

  1. issue sudo visudo -f /etc/sudoers.d/noslenkwah (The filename, noslenkwah doesn't matter, it is just a personal habit of mine to name the files after the "main" user affected by the settings in that file. It just needs to be a file below the directory /etc/sudoers.d.)

  2. Add the following lines and save the file.

    Cmnd_Alias MYSERVICE = \
    /bin/systemctl stop myservice.service, \
    /bin/systemctl start myservice.service

noslenkwah ALL = (root) NOPASSWD: MYSERVICE

This allows the user noslenkwah to run sudo systemctl stop myservice.service and sudo systemctl start myservice.service without a password. It defines a socalled command alias (collection of commands) named MYSERVICE and then allows

  • the user noslenkwah
  • on ALL computers
  • as user root
  • without a password
  • to run the commands defined by MYSERVICE

Replace noslenkwah and myservice with the actual username and service name. Note that you really must issue sudo systemctl start myservice.service for this to work (not sudo systemctl start myservice (without .service, for example).

Don't care about the "on ALL computers" part. This is relevant only if you intend to distribute the very same sudoers file to multiple computers.

You would then change your backup script to

# Stop myservice
sudo systemctl stop myservice.service

# Do all the backing up here...
/path/to/backup_command --with --some --options

# Start myservice
sudo systemctl start myservice.service

and have it run as user noslenkwah.

PerlDuck
  • 13,335
4

Run this shell script as root.

For example, put it in the root crontab: sudo crontab -e

Linus
  • 51
0

You can run it as sudo Or, create a user without a home directory, add it to the sudoers file, give it special permissions to not require a password and run that script, as per PerlDuck's answer (item 2), and then run the command with

sudo -u <your_created_user>
Maximo Migliari
  • 1