using a sudo command without a password for a certain app

Question

I'm using a python script to run docker, but docker requires sudo commands to run and it's bad practice to store the sudo password in the file or give the whole python script sudo rights, I've seen a method where you enable the system to run certain commands without entering a password, I've tried it but I can't get my head around it, I mainly entered it wrongly (I think) I even corrupted my sudoers file once and fixed it.

So can anyone explain this line for me and why it's not working?

username ALL = (root) NOPASSWD: /usr/bin/docker

Remove the spaces around = i.e. use username ALL=(root) NOPASSWD: /usr/bin/docker — heemayl, Jun 23 '15 at 12:16
Check the link on the updated answer..that could be a possible reason.. — heemayl, Jun 23 '15 at 12:35
possible duplicate of How to run an application using sudo without a password? — Jacob Vlijm, Jun 23 '15 at 12:40
@JacobVlijm i wanted an explanation for that line, not just how to use it and the manual just got me more confused :( — Newbie, Jun 24 '15 at 07:58

score 4 · Accepted Answer · edited Apr 13 '17 at 12:23

4

To prevent corrupting the /etc/sudoers file, always use the visudo command. If you don't like the default editor set the EDITOR environment variable to your desired one.

Put your user specification line as the last line in the sudoers file.

Update:

Please see: Adding NOPASSWD in /etc/sudoers doesn't work

edited Apr 13 '17 at 12:23

Community

1

answered Jun 23 '15 at 11:42

Árpád Szász

301

1

OP said can anyone explain this line for me and why it's not working? ..please add some explanation.. – heemayl Jun 23 '15 at 11:48
yes exactly what @heemayl said, i've found methods to restore it but i'm don't wanna do the trial and failure method with OS files, also didn't work – Newbie Jun 23 '15 at 12:06
What does sudo -l say as run by your non-root user? – Árpád Szász Jun 23 '15 at 12:11
If your line is before the %sudo ALL=(ALL:ALL) ALL line it will ask for a password. Updated my answer with a link to a better reply. – Árpád Szász Jun 23 '15 at 12:17

score 3 · Answer 2 · answered Jun 23 '15 at 12:39

3

Run the command:

sudo visudo

Now go to the entry of %sudo

 %sudo   ALL=(ALL:ALL) ALL

and replace it with:

 %sudo   ALL=(ALL) NOPASSWD:/usr/bin/docker

this will affect all sudo users. If you just want to do that option for one specific user"must have sudo permissions":

user ALL=(ALL) NOPASSWD:/usr/bin/docker

Now save and exit.

To be sure that everything is correct run the command:

sudo docker

It should run without prompting for user password.

Hint: Be sure your user has sudo permissions and be sure the path of the command is correct. you can check using which docker

answered Jun 23 '15 at 12:39

Maythux

84,289

Why are you suggesting that they remove the ability of all sudoers to run other commands with a password? – Olathe Jun 23 '15 at 12:43
How did you see I suggest that?! – Maythux Jun 23 '15 at 12:47
@Olathe I think you have to reread some concepts http://askubuntu.com/questions/118204/sudoers-simple-explanation-requested – Maythux Jun 23 '15 at 12:50
@Olathe And Why you are downvoting?! – Maythux Jun 23 '15 at 12:51
You said to replace the line %sudo ALL=(ALL:ALL) ALL with another line. This means that you are deleting that line when you replace it with another line. Since the line you are deleting is the line that allows all sudoers to run other commands with a password, those sudoers won't be able to run other commands with a password. – Olathe Jun 23 '15 at 12:53
Nope you misunderstand the syntax this just allow to run those sudoers the command docker without password and everything else remains as default. Read the answer in the uplink – Maythux Jun 23 '15 at 12:55
Hint is the thing! :) – McAngel Feb 08 '22 at 16:00

using a sudo command without a password for a certain app

2 Answers2