![]() ![]() Specifically I want passwordless sudo for this new user. I want to add a new user that has the same behavior as the default Ubuntu user. The example above shows that when we log in as the user guest and start the script with sudo, we must type the password. 283 How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers I'm using Ubuntu server 12.04 on Amazon. rw- 1 root root 19768 Oct 24 23:05 root_vimrc user ALL (ALL) NOPASSWD:/path/to/script.sh (I think I didn't fully understand the difference) But this doesn't solve my problem if I don't use sudo to execute this script. Therefore, if we execute the same script as another regular user, we have to provide the correct password: guest$ sudo. However, this privilege is only assigned to the user kent. Further, we haven’t leaked the password anywhere. rw- 1 root root 19768 Oct 24 22:59 root_vimrcĪs we’ve seen in the output, this time, sudo didn’t prompt for the password and copied the file directly. Next, let’s save the change and test if it works as we expected: kent$ sudo. Now if you want a command executing with sudo should ask for the password again, simply open the configuration file using a text editor and remove that line you. This line tells sudo: When the user kent executes the script /tmp/test/cpvimrc.sh with sudo, the sudo command will run the script as root without asking for a password. To achieve that, we can add one line to the sudo command’s configuration: kent ALL=(root) NOPASSWD: /tmp/test/cpvimrc.sh cpvimrc.sh” command in a non-interactive mode. Our goal is to allow the kent user to run the “ sudo. Both of them require root permission to save the changes. See below.To edit the sudo command’s configuration, we can either execute the visudo command or edit the file /etc/sudoers. For many situations (such as for real servers) this would be considered too much of a security risk. Looks like you can edit additional sudo config files with visudo. Using sudo without a password You can also configure sudo to not ask for a password to verify your identity. ![]() I should also mention that I used vim to create the new file within /etc/sudoers.d, as it seems that the visudo command is only for editing /etc/sudoers. Am I missing a step, like a restart/reload)? Configuring something wrong? Tried chmodding 755 on the app, but don't think that should make a difference, since ubuntu owns it anyway.Įven tried rebooting the system with no difference. rwxr-r- 1 ubuntu ubuntu 1874 Oct 29 06:47 unicorn_my_app I found sudo still popped up to ask me password even after I had added my user with NOPASSWD: ALL in visudo. Service is there in the init.d directory: $ ls -l /etc/init.d | grep unicorn However there's still a password prompt following running systemctl restart unicorn_my_app.service (The hash sign in #includedir is not a comment, but part of the #include directive syntax). # See sudoers(5) for more information on "#include" directives: # Allow members of group sudo to execute any command # Members of the admin group may gain root privileges # See the man page for details on how to write a sudoers file.ĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Please consider adding local content in /etc/sudoers.d/ instead of # This file MUST be edited with the 'visudo' command as root. %LimitedAdmins ALL=NOPASSWD: /bin/systemctl/unicorn_ofn_america restart, /bin/systemctl/unicorn_ofn_america startĬontent of /etc/sudoers/ is the default as confirmed with sudo visudo (or sudo cat /etc/sudoers): # %LimitedAdmins ALL=NOPASSWD: /etc/init.d/unicorn_ofn_america restart, /etc/init.d/unicorn_ofn_america start Have followed the instructions here to add user ubuntu to a newly created group, LimitedAdmins, which is confirmed with: $ getent group LimitedAdminsĬreated a new file, limitedadmins (using sudo vim) in the /etc/sudoers.d directory containing the following text: Specifically systemctl restart unicorn_my_app.service. I want the default user, ubuntu to be able to run a specific service without being prompted for a password. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |