I need a deployer (a member of the group deploy) to be able to run some scripts with root privileges. But I don't want deployers to be able to run anything. I tried this.

With a root user I do:

~$ echo "touch /opt/expe/\$file_name.txt" > create_file.sh
~$ echo "chown \$USER /opt/expe/\$file_name.txt" >> create_file.sh
~$ cat create_file.sh
touch /opt/expe/$file_name.txt
chown $USER /opt/expe/$file_name.txt

~$ sudo mv create_file.sh /opt/expe/create_file.sh
~$ sudo chgrp deploy /opt/expe/create_file.sh
~$ sudo chmod g+x /opt/expe/create_file.sh
~$ sudo visudo 
%deploy ALL=(root) NOPASSWD:/opt/expe/create_file.sh

With a non-root deploy user I do:

~$ groups
deploy
~$ /opt/expe/create_file.sh
touch: cannot touch '/opt/expe/my_text.txt': Permission denied
chown: cannot access '/opt/expe/my_text.txt': No such file or directory

Why was the touch command not executed as root?

How can I make a script that executes commands as root for a non-root user?

  • Your sudoers entry removes the need to type a password - you still need to prepend the command with sudo – steeldriver Jul 30 '17 at 16:21
  • But if I prepend sudo I get: /opt/expe/create_file.sh \n [sudo] password for user_deploy: \n Sorry, user user_deploy is not allowed to execute '/usr/bin/touch /opt/expe/my_text.txt' as root on this_server. – Emilio Platzer Jul 30 '17 at 16:27
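
Added example, not part of the original post or its comments: one way to write /opt/expe/create_file.sh so that the whole script is run through sudo, as the first comment describes, and is safe to hand to the deploy group. Passing the file name as an argument, the character allow-list, and the ownership and mode in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened /opt/expe/create_file.sh (not the poster's script).
# Install it root-owned and not writable by the deploy group:
#   chown root:deploy /opt/expe/create_file.sh; chmod 750 /opt/expe/create_file.sh
# The sudoers line from the question stays unchanged; deployers then run:
#   sudo /opt/expe/create_file.sh my_text
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below ASCII-only
TARGET_DIR=/opt/expe      # directory used in the question

# Accept only letters, digits, '_' and '-'. Rejecting '/', '.', spaces and
# shell metacharacters keeps the root-run script inside TARGET_DIR.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# create_file DIR NAME OWNER: create DIR/NAME.txt and give it to OWNER.
# Returns 2 for a bad name, 3 if the path could not be created as a new file.
create_file() {
    dir=$1; name=$2; owner=$3
    valid_name "$name" || { echo "invalid file name" >&2; return 2; }
    path="$dir/$name.txt"
    # noclobber (set -C) makes the redirection fail if the path already
    # exists, so root never chowns a file or symlink it did not just create.
    ( set -C; : > "$path" ) 2>/dev/null ||
        { echo "cannot create new file: $path" >&2; return 3; }
    chown -- "$owner" "$path"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as: sudo $0 NAME" >&2; return 1; }
    # With sudo's default env_reset, $file_name from the caller's shell is
    # dropped and $USER is root, so take the name as an argument and the
    # owner from SUDO_USER, which sudo sets to the invoking user.
    create_file "$TARGET_DIR" "$1" "${SUDO_USER:?run through sudo}"
}

# Dispatch to main only when an argument is given.
if [ "$#" -gt 0 ]; then main "$@"; fi
```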