29

I have two users on my system: itsadok, my main user, and elasticsearch, a user with a different ulimit for running ElasticSearch.

I would like to be able to run stuff as the secondary user without being prompted for password every time.

I added the following line to /etc/sudoers:

itsadok ALL=(elasticsearch:elasticsearch) NOPASSWD: ALL

The way I understand it, this should allow the user itsadok, on any host, to run any command as (user or group) elasticsearch without a password. However, trying something like

itsadok@dev001$ sudo -u elasticsearch ls

prompts me for a password. Restarting the machine did not help.

What am I doing wrong?

UPDATE:

It turns out that the order of lines in sudoers is significant. I placed the line under "User privilege specification" which sounded like the right place, but the line for the %admin group that comes later was overriding the setting.

Putting the same line at the end of the sudoers file fixed the issue.

itsadok
  • 2,904

3 Answers

19

Follow these steps:

  1. Edit sudoers file (this can be present in /etc/sudoers.d/file_name)
     sudo visudo -f /etc/sudoers
  2. Add line at the end of the file
     usernameusedforlogin ALL=(ALL) NOPASSWD:ALL
  3. Save file
     esc :wq!
  • This allows the user to run all commands on all hosts without passwords as any user, but it does not grant any group privileges, which was part of the original question. Generally, this is bad advice as you're giving the user very broad privileges. – d4nyll Jun 18 '19 at 01:11
  • as of 2022, this is the standard way. – Uzumaki D. Ichigo Dec 15 '22 at 18:15
12

Revised answer from comments: If you place directives below #includedir, they are ignored. Move the line next to the sudo or admin group definitions, or place it in a separate file in /etc/sudoers.d/.

Tuminoid
  • 3,952
  • Didn't work. Also, the file already had a root ALL=(ALL:ALL) ALL with no spaces around the colon, so it doesn't seem right. Just to be safe, I tried just (elasticsearch). Doesn't work. – itsadok Jan 10 '13 at 15:03
  • You are correct, it works without whitespace in 12.10 at least. Which Ubuntu are you using, and exactly where in sudoers do you place this line? I have a faint recollection that if on older systems you placed the line after the first #includedir, it got ignored. If it is at the end of the file, try inserting it above the includedir. – Tuminoid Jan 11 '13 at 06:23
  • 1
    Your comment set me on the right track: the order of the entries matters. Later settings override earlier settings. – itsadok Jan 13 '13 at 12:05
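
The ordering behaviour described in the question's update and the comment above, as an added example that is not part of the original posts: a simplified Python model of how sudo picks the last matching entry. The sample files are constructed, the function names are hypothetical, and it assumes itsadok is a member of the admin group and that default settings require authentication.

```python
import re

# Simplified model: handles only "who ALL=(runas_user[:runas_group]) [TAG:] ALL"
# lines like those on this page. Real sudoers also has aliases, Defaults,
# command lists and includes, which this sketch ignores.
RULE = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+ALL\s*=\s*"
    r"(?:\(\s*(?P<ru>[\w.-]+)\s*(?::\s*[\w.-]+)?\s*\)\s*)?"
    r"(?:(?P<tag>NOPASSWD|PASSWD)\s*:\s*)?ALL\s*$"
)

# Constructed sample: the rule sits above the %admin entry, as in the question.
BEFORE = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
itsadok ALL=(elasticsearch:elasticsearch) NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin  ALL=(ALL) ALL
"""

# Constructed sample: the same rule moved to the end of the file.
AFTER = """\
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
itsadok ALL=(elasticsearch:elasticsearch) NOPASSWD: ALL
"""

def parse(text):
    """Return the supported rules in file order; other lines are skipped."""
    matches = (RULE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def decide(rules, user, groups, target_user):
    """Return 'nopasswd', 'passwd' or 'denied' for `sudo -u target_user cmd`."""
    result = "denied"
    for r in rules:
        who = r["who"]
        who_ok = who[1:] in groups if who.startswith("%") else who in (user, "ALL")
        runas = r["ru"] or "root"  # an omitted Runas_Spec means root only
        if who_ok and runas in ("ALL", target_user):
            # sudo keeps the last matching entry, not the most specific one
            result = "nopasswd" if r["tag"] == "NOPASSWD" else "passwd"
    return result

if __name__ == "__main__":
    groups = {"itsadok", "admin"}
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, decide(parse(text), "itsadok", groups, "elasticsearch"))
```

With the rule at the end, only `sudo -u elasticsearch` becomes passwordless; `sudo` to root still falls through to the %admin entry and prompts.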
0

Alternatively, you can use the Python pudo package: https://pypi.org/project/pudo/1.0.0/

Installation:

user$ sudo -H pip3 install pudo # you can install using pip2 also 

Below is the code snippet for use in Python automation to run cmds under root privilege:

user$ python3 # or python2
>>> import pudo
>>> (ret, out) = pudo.run(('ls', '/root')) # or pudo.run('ls /root')
>>> print(ret)
0
>>> print(out)
b'Desktop\nDownloads\nPictures\nMusic\n'

Below is the cmd example for running cmds under root privilege

user$ pudo ls /root
Desktop  Downloads  Pictures  Music
  • Please do not repost the same answer to many questions - if the questions are similar to each other enough so that they're duplicates, flag them as duplicates instead. Thank you! – Thomas Ward Feb 14 '20 at 15:27