18

I have got postfix installed on my machine and I am updating virtual_alias on the fly programmatically (using Python) (on some action). Once I update the entry in /etc/postfix/virtual_alias, I am running the command:

sudo /usr/sbin/postmap /etc/postfix/virtual_alias 2>>/work/postfix_valias_errorfile
But I am getting the error:
sudo: sorry, you must have a tty to run sudo

I want to run the mentioned sudo command in a non-human way (meaning, I am running this system command from a Python script). So how do I get this command to run programmatically?

Nanda Kishore

6 Answers

20

You can either run your python script as root itself - then you won't need to add privilege to reload postfix.

Or you can configure sudo to not need a password for /etc/init.d/postfix.

sudo configuration (via visudo) allows NOPASSWD: to allow the command without a password. See http://www.sudo.ws/sudo/man/sudoers.html#nopasswd_and_passwd

<username>  ALL = NOPASSWD: /etc/init.d/postfix

or something similar.

Douglas Leeder
  • Douglas! How do I configure sudo to not need a password on that script (/etc/init.d/postfix reload) alone? – Nanda Kishore Feb 24 '09 at 20:14
  • Making sudo not need a password is a subject of sudoers, and out of the scope of a programming question; sudo can be configured per program per user. – myroslav Feb 24 '09 at 20:43
4
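#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

// gcc -o reload_postfix reload_postfix.c
// chown root reload_postfix
// chmod +s reload_postfix

int main( int argc, char **argv ) {
    // Make the real UID match the effective (file owner) UID; stop if that fails.
    if ( setuid( geteuid() ) != 0 ) {
        perror( "setuid" );
        return 1;
    }
    // Fixed command, no user input; system() still runs it through /bin/sh
    // with the caller's environment.
    return system("/etc/init.d/postfix reload") == 0 ? 0 : 1;
}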

Wrap your command in setuid-ed program. This will let any user restart postfix. You can of course further restrict the execute permission to certain groups.

codelogic
  • I was talking about python script! – Nanda Kishore Feb 24 '09 at 19:51
  • Since you're making postfix configuration changes, I assumed this is for a server and that security would be far more important than using a specific programming language. You can't setuid() scripts because of the way they are executed, hence this solution (a very common one). – codelogic Feb 24 '09 at 19:55
  • sudo is considered to be a superior way to gain root privileges. It changes the idea of scattering setuid bits across the filesystem to a single executable capable of that functionality (sudo) with central configuration and more flexible policies with auditable usage. – myroslav Feb 24 '09 at 21:39
3

To answer the error: "sudo: sorry, you must have a tty to run sudo", we have a setting called "Defaults requiretty" in the sudoers file. I tried commenting it out and it worked :D.

Nanda Kishore
  • The other way is to stick an exclamation mark in front of requiretty i.e. "Defaults !requiretty". That way anyone reading the sudoers file can see that you're explicitly allowing sudo without a tty – Ian Ellis Feb 12 '16 at 22:10
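
An added example, not code from any of the posts above: the NOPASSWD and requiretty settings discussed in these answers, scoped to the single postmap command from the question and invoked from Python with `sudo -n`, so a misconfiguration is reported instead of hanging on a prompt. The account name `mailapp`, the per-user `Defaults` line and the function names are assumptions.

```python
import subprocess

# Assumed sudoers drop-in (check it with `visudo -c`); "mailapp" is a
# hypothetical service account, not a name from the page:
#   Defaults:mailapp !requiretty
#   mailapp ALL = (root) NOPASSWD: /usr/sbin/postmap /etc/postfix/virtual_alias
POSTMAP = ["/usr/sbin/postmap", "/etc/postfix/virtual_alias"]

# stderr fragments sudo prints when it refuses to run non-interactively
SUDO_REFUSALS = {
    "you must have a tty": "requiretty is still in effect for this user",
    "a password is required": "no NOPASSWD rule matches this exact command",
}


def explain_failure(stderr):
    """Map sudo's stderr to the sudoers setting that needs attention."""
    for fragment, cause in SUDO_REFUSALS.items():
        if fragment in stderr:
            return cause
    return "postmap itself failed: " + stderr.strip()


def rebuild_virtual_alias(run=subprocess.run):
    """Run postmap through sudo without a tty, a shell or a stored password.

    Returns (ok, detail). `run` is injectable so the logic can be
    exercised on a machine without sudo.
    """
    proc = run(
        ["sudo", "-n", "--"] + POSTMAP,  # -n: fail instead of prompting
        stdin=subprocess.DEVNULL,        # nothing can be fed to a prompt
        capture_output=True, text=True, timeout=30,
    )
    if proc.returncode == 0:
        return True, "map rebuilt"
    return False, explain_failure(proc.stderr)
```

Because the sudoers rule lists the command with its argument, the same account cannot use it to run postmap on any other file.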
2
import os
# sudo -S reads the password from standard input, terminated by a newline
os.popen("sudo -S /etc/init.d/postfix reload", 'w').write("yourpassword\n")

This of course is almost always not a good idea as the password is in plain text.

CTT
  • 2
    A sudo password in plaintext is a TERRIBLE idea, there are far more secure ways. The setuid bit specifically addresses this concern. – codelogic Feb 24 '09 at 19:50
  • Plain text password? Eeek! Set NOPASSWD in /etc/sudoers for the user or group, so no password will need to be supplied to sudo. – Ian Ellis Feb 13 '16 at 00:00
  • 1
    It's not that much of a bad idea if you want a quick and dirty solution on your own personal computer. It's just bad in a production environment. – answerSeeker Jan 05 '17 at 18:44
1

If you're gonna do this in Python you should just do the following:

Write this command before the line where you call the shell command:

os.setuid(os.geteuid())

Then, you call the shell command without the "sudo" prefix.

Brian Mains
torkashvan
0

See StackLick

You need to grant a user permission to run the sudo command without a password.