1

It is a home computer, with no other users using it.

Could someone give a helping hand to create scripts for every each following commands: 

echo 100 > /sys/class/backlight/intel_backlight/brightness

ethtool -s eth0 autoneg off speed 100 duplex full

dhclient eth0

apt-get update && apt-get upgrade && apt-get dist-upgrade -y

apt-get autoremove && remove && clean && autoclean -y

Adding each script in

/etc/sudoers

ALL=(ALL:ALL) ALL you ALL=(ALL:ALL) NOPASSWD: /usr/local/sbin/myscript.sh

So, there will never be need again the sudo password when using these commands.

Or, if you have any other more straight, simple, faster, more minimal way to achieve the request.

XPDIN
  • 577
  • 1
    It's probably not possible with the echo command, since (in bash and zsh afaik) it's a builtin command. To run as sudo, the shell would have to run as sudo, and in that case every command would be run as root. – Tommaso Thea Jun 07 '17 at 21:24
  • 2
    Put all those commands into a script, use fill path to binaries. Run the script with sudo. Probably need to use tee rather then echo. See https://askubuntu.com/questions/20578/redirect-the-output-using-sudo . I would put one command per line, and your commands are incomplete. For example apt-get update && upgrade && dist-upgrade -y should be apt-get update && apt-get upgrade && apt-get -y dist-upgrade` – Panther Jun 07 '17 at 21:27
  • 1
    I think what the OP is trying to do is to execute these frequently used commands without having to enter a password. Scripting this stuff would require passing the password to the script at some point. The password would probably have to be stored somewhere in plain text which would be bad. – jones0610 Jun 07 '17 at 21:36
  • If it is not possible or it is a big risk(like having the password stored somewhere in plain text) to never write the password for every each command, maybe at least it is possible to write it only one after boot. Without to have to write it again until the next reboot, or after system sleeps or hibernates for example. – XPDIN Jun 07 '17 at 22:01
  • Thank you for your replies, @bodhi.zazen I am not so advanced and I have never used or made any script until now, can you please share a link where I can find out more please? And if you have some tips and tricks about add in the script those specific commands I am looking for please. Regards. – XPDIN Jun 08 '17 at 14:17
  • 1
    See http://linuxcommand.org/ I would start at the beginning and work through but you can jump right to http://linuxcommand.org/lc3_writing_shell_scripts.php – Panther Jun 08 '17 at 15:47
  • @bodhi.zazen Thank you for the link, unfortunately I can't figure it out how to do it, if you are in a mood for it, and you can do it extremely fast, can you please show an example for one of the commands I am looking for, and I will do for the other ones please? Thank you. – XPDIN Jun 08 '17 at 21:32
  • It could be this possible to achieve? https://unix.stackexchange.com/a/353764/198195 – XPDIN Jun 08 '17 at 21:48
  • Thank you for your kindness @DavidFoerster I would be extremely thankful if you could help me to create a script more scripts for every each commands from the first post, witch could be add in /etc/sudoers you ALL=(ALL:ALL) ALL you ALL=(ALL:ALL) NOPASSWD: /usr/local/sbin/myscript.sh So I will never be asked again for the sudo password when I will use one of each commands. Or do you have any other more straight, simple, faster. more minimal way to achieve that wanted results please? Thank you. – XPDIN Jun 09 '17 at 13:54
  • I really appreciate your patient @DavidFoerster. I've tried to re-compensate it, offering some time to edit the topic in a more explicit way, hopefully, now it is better. If there are more things to change, looking forward for more suggestions, or even some advises regarding the topic requests please. Regards. – XPDIN Jun 09 '17 at 19:12

2 Answers2

3

The genesis of the sudo feature was to create and restrict root abilities for selected mortal users. Also to create a logged audit trail to look at in case someone broke something using root access. Prior to that time, many users and administrators would log on as root and do all of their work in a root privileged shell whether they needed those capabilities or not. It was not uncommon to log on to a server and see many dozens of root logins from many different terminals. Obviously, this led to chaos.

The only major risk that I see for what you are proposing is that if someone hacks into your account they would have increased access to root owned files and commands. If you have telnet disabled and ssh locked down securely, those risk would be minimized. As a systems administrator for many decades I always advise against circumventing security models but what you want to do, in the context of a limited access home environment is probably relatively safe.

That said, if you are unfamiliar with writing scripts or programming generally, writing a script to bypass sudo security as a first scripting effort is probably ill advised. Unless you write your script in a very clever way, someone could very well come along and figure out your password and / or exploit your script to do bad things.

The easiest, but not at all the wisest way to accomplish what you want is to basically log in as root. This would effectively bypass sudo in that shell.

sudo su

enter your password

Your prompt will change from $ to #

whoami

Verify that you are indeed root

I would use this shell ONLY for commands that require root access. Do NOT use it for day-to-day mortal user operations. You WILL eventually break something accidentally. All experienced Sys Admins have at one time or another.

jones0610
  • 2,157
  • Thank you for advices @jones0610 Can you tell please if these two commands should be enough for your two recommendations? sudo apt-get purge --auto-remove telnet + sudo ufw deny ssh or sudo ufw deny 22 Regards – XPDIN Jun 07 '17 at 22:21
  • 1
    Removing telnet is always a good idea. Also blocking port 23 in the firewall. As for ssh, if you will never need to ssh or sftp into your machine, blocking port 22 would be fine. Personally, I would not do this (because I do need to ssh into my machines) and instead would configure /etc/ssh/sshd_config to be very restrictive. Most hackers try to brute force attack the root account. If you disallow ssh root logins you'll probably be fine. – jones0610 Jun 07 '17 at 22:30
  • Thank you very much @jones0610, I am not going to use any telnet or ssh connection. sudo apt-get purge --auto-remove telnet + sudo ufw deny ssh should be good enough ? Can you say please, they also "disallow ssh root logins" ? After checking if /etc/ssh/sshd_config it seams that this file doesn't exist, should be fine, indeed? Best wishes. – XPDIN Jun 08 '17 at 14:22
  • 1
    Your plan should be fine. I am totally paranoid about system security and tend to lock things down very tightly. For your restricted home environment, your proposal should work well for you. If you liked my answer I always appreciate having it accepted. Best of luck to you! – jones0610 Jun 08 '17 at 15:37
  • I am really grateful for your help, time and professional advices @jones0610 Please excuse me, maybe the most important question in this case was the second one, if you have any suggestions, recommendations please, and we can resolve the issue, it would be my pleasure to check your replay as accepted. Sincerely. – XPDIN Jun 08 '17 at 17:56
  • 1
    Blocking port 22 at the firewall and removing telnet will eliminate most any attempt to hack into your system. Of course there are other vectors that hackers use but for your plan to modify the sudo model I think you are ok. Most of the really bad hacking, most notably installing a rootkit would make what you are planning on doing moot. It's always a good idea to disable unneeded services and to block ports at the firewall that you will never use. Not to be vague in my answer but there is no such thing as an unhackable computer. – jones0610 Jun 08 '17 at 18:05
  • My apologize @jones0610, I was talking about the second question from the main post "I would like to don't have to write at all the sudo password for these commands:" I have been reading in here http://linuxcommand.org/lc3_writing_shell_scripts.php how to write a script, it seams that this is the only way tho achieve the second question. – XPDIN Jun 08 '17 at 18:26
  • 1
    @XPDIN read my updated answer – jones0610 Jun 08 '17 at 19:26
  • "I would like to don't have to write at all the sudo password for these commands:" without to have to login to root, or to use sudo, even after reboot/shutdown/sleep/hibernate. It seams that the only way is to create a script. Thank you. – XPDIN Jun 08 '17 at 19:32
  • 1
    Whatever pleases you. Good luck. – jones0610 Jun 08 '17 at 19:39
0

It seems that these steps resolved this case:

sudo su

Create /usr/local/bin/scriptname and write the beyond lines in it:

#!/bin/bash

command in here without sudo

# the end of the script's name

_

Create /etc/sudoers.d/scriptname and write the following lines in it:

User_Alias scriptname=username
Cmnd_Alias scriptabreviaton=/usr/local/bin/scriptname
scriptname ALL=NOPASSWD: scriptabreviaton

Add at the end of /etc/sudoers the next two lines:

username ALL=(ALL:ALL) ALL
username ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/scriptname

_

chown root:root /etc/sudoers.d/scriptname
chown root:root /usr/local/bin/scriptname
chmod 0700 /usr/local/bin/scriptname
chmod 0440 /etc/sudoers.d/scriptname

_

From the regular user name:

sudo /usr/local/bin/scriptname

It shouldn't ask for sudo password any more.

Everywhere when it is written "scriptname", "usernme", "scriptabreviaton" every each of them should be the same.

XPDIN
  • 577
  • what is scriptabreviaton. Please in my cae i am making n=0 while ! sudo mkdir $n do n=$((n+1)) done target=$/home/USER/RECORD/3/$((n+1)) set ffmpeg -video_size 1336x748 -framerate 10 -f x11grab -i :0.0+10,20 /home/USER/RECORD/3/$n/1.mp4 while I run this script ordinarily outside root it works. But while I use it after following above it shows error "******/7/1.mp4: No such file or directory" – Ajay Jun 12 '21 at 08:21