0

I have got a program which to start needs to be started with sudo, but as it would be very useful for this program to start up at startup without me having to manually start it, is there a way to get a program to start up at start up that would need to have sudo before it and then an admin password given to run it? And is there any way of doing this without causing a security risk?

OS Information:

Description:    Ubuntu 14.10
Release:    14.10
  • If it is important (or preferable) for you not to edit the sudoers file, there is an other option (from the "trickery and deceit" department) to run an application after log- in from root. Let me know and I'll post it. – Jacob Vlijm Apr 04 '15 at 21:01
  • @JacobVlijm I'm curious, what is it ? – MoonSweep Apr 05 '15 at 10:28
  • @MoonSweep: What is what? The application that I want to run? –  Apr 05 '15 at 10:29
  • No, the root trick. – MoonSweep Apr 05 '15 at 10:29
  • @Moonsweep it is a bit of a dirty trick, and it depends on the situation if it fits. I remember having it posted some time ago (although I would rethink the concept a bit if I would write it now): http://askubuntu.com/a/486304/72216 I am curious however what is the application (Torodial). – Jacob Vlijm Apr 05 '15 at 11:47
  • @JacobVlijm: Well, you see I asked a question here about how I could get OSSEC HIDS to start up at start up, but as that was very specific and the commands were not working for that I decided to make a more general question on it here. But now I can't really make this a duplicate of that one or something because this is much more general, but might be good to merge them as they are both leading to answers about the same thing. –  Apr 05 '15 at 12:00

1 Answers1

2

I think it's not possible without configuring sudo to let the user launch the program without a password (through /etc/sudoers and the NOPASSWD option), which can be considered like a more or less important security risk depending on the program involved.

The best that can be done is to instruct sudo to restrict this to a single user, and only for that particular program, with a line like:

my_user ALL = (root:root) NOPASSWD: /path/to/my_program

MoonSweep
  • 388