-1

My script, when executed as root, uses the sudo without passwd, and that is fine. Sometimes however, I must execute that script as an ordinary user, which "switches" to itself by that sudo command. I must omit the passwd procedure in this case also.

Currently I use the default (almost empty) sudoers file. I'd like to extend it with a simple, general, not user-specific rule for the above.

I tried to setup some wildcard rules with * and ALL, but failed.

Thank you for your help.

stoqlt
  • 81
  • 1
  • 5

2 Answers2

0

Say that the user that must execute the script is someuser, the full path to the script is /usr/local/bin/somescript.

Using visudo, add the following line

someuser ALL=(someuser) NOPASSWD: /usr/local/bin/somescript

To execute this (you can omit the full path if the script is in the $PATH:

someuser@somehost:~$ sudo -u someuser /usr/local/bin/somescript

But... there's any reason why you can't execute the command without sudo? There shouldn't be any difference calling it sudo'ed this way or just without sudo

update

If you need to allow all users to execute any command as any user, put the following line (but take into account that this is a TOTALLY INSECURE AND RISKY configuration. This would allow any user (first column) to execute on any machine (non-important, 2nd column) any command(fourth column) as any user (third column, between parentheses))

ALL ALL=(ALL) ALL
Carlos Campderrós
  • 773
  • 2
  • 6
  • 17
  • "There shouldn't be any difference calling it sudo'ed this way or just without sudo" `You are right. But I have to use the script 'as is'` –  Jun 11 '12 at 22:32
  • Thanks Carlos, your suggestion seems to be correct, and I will use it if I cannot find a less explicit solution. However, I am looking for a less specialized config. For all users. For all commands. Nothing specific, just the "No difference" phenomenon mentioned above. –  Jun 11 '12 at 22:40
  • I'd like to specify something like (%Myself) or (%Sameuser) in the parantheses. Then NOPASSWD: would do its job. –  Jun 13 '12 at 01:17
-2

You want to execute a script that will run as root, but allow non-privileged users to run it. This means you should enable the setuid bit.

berg
  • 101