Use sudo without password INSIDE a script

Question

For some reason I need, as user, to run without sudo a script script.sh which needs root privileges to work.
I saw as the only solution to put sudo INSIDE script.sh. Let

Answer 1

As you noted, the file that must appear in the sudoers configuration is the one that is launched by sudo, and not the one that runs sudo.

That being said, what we often do, is having something like

user ALL=(ALL:ALL) NOPASSWD:/path/to/script.sh

in the sudo configuration, where script.sh has all the commands that the script has to do.

Then we define either a Bash function or an alias so that script.sh is actually

sudo /path/to/script.sh

The only issue is if some commands must not be run as root, you need to insert some su - user -c "command" commands in the script.

Answer 2

If your password isn't something you want to be very secure about, (maybe some testing server in the company etc.) you can elevate to sudo in the script via echo like:

echo YourPasswordHere | sudo -S Command

The prompt still prints the "enter password" text to output though. So don't expect it to be neat.

See this Askubuntu post

Answer 3

Simply, in order to execute commands as root you must use su (even sudo uses su) As long as you execute sudo ./script2.sh successfully just instead : sudo su "#" //commands as root here "#" exit //commands as use here you can make it a shell function with the name sudo, but no other better way i think,however it's the case with scripts inti,rc android ..etc must be tidy ;)

however this requires you to put NOPASSWD: su wich is totaly secure indeed

any way here just lacks POISX permissions principle which is filtering so dont enable something to all users or vice versa simply, call sudo as much as you want with no additional thing then:

chown root script.sh
chmod 0755 script.sh
chgrp sudo script.sh

"make root owner of .sh" "make it read only and exec for others" "and put it in sudo group" of course under sudo that's it

Answer 4

From my blog: IDMRockstar.com:

The kicker is that sometimes, I need to run commands as root. Here's the quick and dirty way I accomplish that without divulging the passwords:

#! /bin/bash
read -s -p "Enter Password for sudo: " sudoPW
echo $sudoPW | sudo -S yum update

This way the user is prompted for the password (and hidden from terminal) and then passed into commands as needed, so I'm not running the entire script as root =)

If you have a better, way, I'd love to hear it! I'm not a shell scripting expert by any means.

Cheers!

.: Adam

Answer 5

If you want to run sudo /usr/bin/apt-get update without a password, you need to have the sudoers entry:

user ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get update

For the larger issue of the script as a whole, there are two possible approaches:

Approach 1

For each command in the script that needs sudo, create a line in sudoers specifically for that command. In this case, the script can be called normally:

./script1.sh

Approach 2

Place a line in sudoers for the script as a whole. When this is done, the individual commands do not need sudo. However, sudo must be used to start the script as in:

sudo ./script.sh

Answer 6

I suggest you look at the sudo environment variables - specifically you can use (and check for) $SUDO_USER. Call your script with sudo (1 entry in sudoers), then do user stuff as SUDO_USER and root stuff as root.