1

I'm trying to make my jenkins user able to execute a script with www-data user so I've tried adding

jenkins ALL=NOPASSWD:ALL

at the end of my sudoers file but it didn't work, password was asked when I used the command

sudo -u www-data /path/to/script.sh

I also tried adding the line in a file under /etc/sudoers.d/ but it didn't help.

Here is my sudoers file as of today

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

#Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

# User alias specification

I've seen in lots of forums that the line had to be added at the end of the sudoers file which I did but it never worked. Do you have an idea?

Tony Martin
  • 11
  • Because your user matched multiple options in the file, are you not also a member of either sudo or admin group? comment out those options or remove your user from that group(s). – Panther Sep 19 '14 at 21:08
  • This is quite strange, try this link. @bodhi.zazen: according to sudoers manual: When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). It is not necessary remove user from those groups or comment out those line. – Lety Sep 19 '14 at 23:19
  • Yes exactly, that's why I've tried adding line at the end. Also here are the groups of my jenkins user : jenkins : jenkins www-data shadow – Tony Martin Sep 20 '14 at 07:45
  • I've also tried to add the line specifically for my script and it didn't work, sudo was asked again. But now, I realize that jenkins can sudo with no password when launching a sudo service restart for example or sudo apt update... Only asking for the script, I'll look on the script side. – Tony Martin Sep 20 '14 at 07:52

1 Answers1

0

Find the following line:

%sudo   ALL=(ALL:ALL) ALL

Replace it with this line:

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL
Eliah Kagan
  • 117,780
mostafa sobhy
  • 1