![]() ![]() My script has a lot of commands (with some cd to root-access-only config files), and the solution can't be "Well, just do it directly with apt-get". I want to insist on the fact that this "apt-get update" was just an example FAR from whhat my script actually is. This post is then for helping people having this problem and searching for the same solution (I didn't find a good post on it), and perhaps have better solutions coming from you guys. But I am not truly satisfied of this solution, particularly by the fact that I have to use 2 scripts for every command. So, ok, I create another script script2.sh as following : script2.sh Well, so I say to myself "Ok, that means that if I have a file refered in sudoers as I did, it will work without prompt only if I call him with sudo, what is not what I want". (I think I didn't fully understand the difference)īut this doesn't solve my problem if I don't use sudo to execute this script : #. Then I added to my sudoers file (at the end to override everything else) : user ALL=(ALL:ALL) NOPASSWD:/path/to/script.shīy the way, I also tried the line : user ALL=(ALL) NOPASSWD:/path/to/script.sh Of course, if I execute this script, I get a prompt asking me for a password. I saw as the only solution to put sudo INSIDE script.sh. I just wanted to let you know about the Ubuntu convention of preferring sudo instead and let you know that there is an alternative.For some reason I need, as user, to run without sudo a script script.sh which needs root privileges to work. Just to clarify, you can, if you choose, give the root user a password allowing logins as root, if you specifically want to do things this way instead. It's a good security principle not to stay as a superuser for longer than necessary, just to lessen the possibility of accidentally causing some damage to the system (without it, you can only damage files your user owns). However when doing so you just need to be aware that you are acting as a superuser for every command. and this can still be done without any root password, because sudo gives superuser privileges to the su command.Īnd similarly, instead of su - for a login shell you can use sudo su - or even sudo -i. With sudo, you still have the option of opening a permanent (interactive) superuser shell with the command: sudo su This can lead to people staying in the superuser shell for longer than necessary just because it's more convenient than logging out and in again later. With su, you permanently drop to a superuser shell which must be exited using exit or logout. Sudo makes it easier to perform a single command with superuser privileges. Instead, an attacker would need to know a local account name. Not having a root password makes brute force attacks on the root account impossible: this is relevant if you allow login over SSH. And lastly, if there is a security breach it can in some cases leave a better audit trail showing which user account was compromised. ![]() You can even choose which commands a user is allowed to perform using sudo and which commands are forbidden for that user. If you have multiple users, you can revoke one's superuser access just by removing their sudo permission, without needing to change the root password and notify everyone of a new password. ![]() There is no need for them to remember a root password, as they use their own password. With sudo, you choose in advance which users have sudo access. You will see the above usage of sudo pretty much anywhere you read a tutorial about Ubuntu on the web. This is remembered for a few minutes so if you have a few tasks to do with sudo it will only ask you for your password on the first. For instance, to run apt-get dist-upgrade as a superuser, you could use: sudo apt-get dist-upgradeīy default, sudo will ask you for your own account password when performing this. In a default Ubuntu install the person who installed the OS is given "sudo" permission by default.Īnybody with "sudo" permission may perform something "as a superuser" by pre-pending sudo to their command. Sudo is an alternative to giving people a root password in order to perform superuser duties. ![]() While you can create a password for the root account allowing you to log in as root with su, there are some distinct benefits to using sudo. Instead you are given the ability to perform tasks with superuser privileges using sudo. By default the Ubuntu installer does not set up a root password and therefore you don't get the ability to log in as root. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |