25

Possible Duplicate:
How do I use sudo in my script without needing a password?

I want to run a bash script as root with no password prompt.

I tried visudo with no luck(your_username ALL=(ALL) NOPASSWD: /path/to/your/script).

It seems to me the only way out there, is there any other?

Community
  • 1
Vromoth
  • 721
  • Just to be sure you are aware; you still have to run the script with sudo in front. The only difference is that it shouldn't ask you for a password anymore. – geirha Jul 25 '12 at 09:39
  • No its not, I tried that and it did not work. That is why I started this. – Vromoth Jul 25 '12 at 09:40
  • Geirha, What is the point of it then? What I want to do is run it by a keyboard command and not from terminal. – Vromoth Jul 25 '12 at 09:44
  • ok I can run it from another file though. ta – Vromoth Jul 25 '12 at 09:50
  • The point is, sudo will allow you to run the command as root without requiring password. Only sudo reads the sudoers file. – geirha Jul 25 '12 at 10:02

1 Answers1

43

There is a very neat trick in every Linux which will allow you to do so. It is called the SetUI bit.

Keep in mind that you will need to have the permissions locked down tight in this file for this to be secure.

Make the file owned by root and group root:

sudo chown root.root <my script>

Now set the SetUID bit, make it executable for all and writable only by root:

sudo chmod 4755 <my script>

Keep in mind if this script will allow any input or editing of files, this will also be done as root.

The SetUID bit makes a script or binary always run as the owner of the file/binary, an example of such a binary is 'passwd'.

There is a solution using sudoers here is an example you could use. Add these two lines at the end of your sudoers file. You can use visudo to edit the sudoers file. 

Cmnd_Alias        CMDS = /path/to/your/script

<username>  ALL=NOPASSWD: CMDS

Now just place sudo in front of your script and it should run without asking for a password.

wilson
  • 13
KDragonir
  • 819
  • 2
    If you want to be the only one who can run it do the following: 'chown root. '. and change the permissions: 'chmod 4750 '. – KDragonir Jul 25 '12 at 10:23
  • 16
    setuid on scripts has no effect in Ubuntu due to security issues. It is disabled in the kernel. – geirha Jul 25 '12 at 10:27
  • 1
    Not sure that is true, I am using Ubuntu 12.04 LTS Server and use SetUID for some of my scripts. And they work like a charm. I haven't changed the kernel though. – KDragonir Jul 25 '12 at 10:34
  • I'm on 12.04 too. -rwsr-xr-x 1 root root 18 Jul 25 12:41 /tmp/setuidtest. Script contains two lines, #!/bin/bash and id -u. Running it outputs my uid (1000), not root's (0). – geirha Jul 25 '12 at 10:45
  • It returns 1000 as ID on my machine to, however for some reason when I do 'sudo -s -u ' in a script with the SetUID I am not required to enter a password, while when I do that without the SetUID it requires me to enter my password. And the NOPASSWD is not in my sudoers file. So it should do what Vromoth wants, Run a script without password prompt. Nonetheless I think we should not get off topic too much here, but for some reason it seems to work just not for 100%. – KDragonir Jul 25 '12 at 11:00
  • @geirha: I will try to find out why this is, and will get back to you. – KDragonir Jul 25 '12 at 11:05
  • 2
    Well, "sudoing" to your own user doesn't require a password; sudo is smart enough to handle that case. – geirha Jul 25 '12 at 11:12
  • let us continue this discussion in chat – KDragonir Jul 25 '12 at 12:38