I need to edit /etc/sudoers from a script to add/remove stuff from white lists.
Assuming I have a command that would work on a normal file, how could I
Old thread, but what about:
echo 'foobar ALL=(ALL:ALL) ALL' | sudo EDITOR='tee -a' visudo
This worked for me based off what others posted here. When I used other people's scripts, it would open visudo for me but would not make the edit. This made the edit I needed to allow all users, including standard users, to install Java 7u17 for Safari/Firefox.
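#!/usr/bin/env bash
# Remove any stale working copy (-f: no error if it does not exist)
rm -f /etc/sudoers.new
# Work on a copy of the live file
cp /etc/sudoers /etc/sudoers.new
echo "%everyone ALL = NOPASSWD: /usr/sbin/installer -pkg /Volumes/Java 7 Update 17/Java 7 Update 17.pkg -target /" >> /etc/sudoers.new
# Copy the edited file back over the live sudoers
cp /etc/sudoers.new /etc/sudoers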
This added the %everyone blah blah blah to the bottom of the sudoers file. I had to run the script like this.
sudo sh sudoersedit.sh
Good luck :D
Use visudo for this with a custom editor. This solves all the race conditions and "hack" problems with Brian's solution.
#!/bin/sh
if [ -z "$1" ]; then
    echo "Starting up visudo with this script as first parameter"
    export EDITOR="$0" && sudo -E visudo
else
    echo "Changing sudoers"
    echo "# Dummy change to sudoers" >> "$1"
fi
This script will add the line "# Dummy change to sudoers" to the end of sudoers. No hacks and no race conditions.
Annotated version that explains how this actually works:
if [ -z "$1" ]; then
    # When you run the script, you will run this block since $1 is empty.
    echo "Starting up visudo with this script as first parameter"
    # We first set this script as the EDITOR and then start visudo.
    # Visudo will now start and use THIS SCRIPT as its editor
    export EDITOR="$0" && sudo -E visudo
else
    # When visudo starts this script, it will provide the name of the sudoers
    # file as the first parameter and $1 will be non-empty. Because of that,
    # visudo will run this block.
    echo "Changing sudoers"
    # We change the sudoers file and then exit
    echo "# Dummy change to sudoers" >> "$1"
fi
On Debian and its derivatives, you can insert a custom script into the /etc/sudoers.d/ directory, with rights 0440 – for more info see /etc/sudoers.d/README.
It might help.
Lots of answers, been working with sudo for yonks but did not have a need to automate the setup config till now. I used a mix of some of the answers above, writing my config line to the /etc/sudoers.d include location so I don't have to modify the main sudoers file, then checked that file for syntax, simple example below:
Write your line to a sudoers include file:
sudo bash -c 'echo "your_user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/99_sudo_include_file'
Check that your sudoers include file passed the visudo syntax checks:
sudo visudo -cf /etc/sudoers.d/99_sudo_include_file
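The drop-in approach from the two answers above, reordered so the rule is checked before sudo can read it. This is an added example, not code from any answer on this page; the function name install_sudoers_dropin and the VISUDO and SUDOERS_D override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage a sudoers drop-in, validate it, then rename it into place.
# install_sudoers_dropin, VISUDO and SUDOERS_D are illustrative names, not part of sudo.
VISUDO=${VISUDO:-visudo}
SUDOERS_D=${SUDOERS_D:-/etc/sudoers.d}

# usage (as root): install_sudoers_dropin NAME 'RULE'
install_sudoers_dropin() {
    name=$1
    rule=$2
    # sudo skips sudoers.d files whose names contain '.' or end in '~',
    # so restrict NAME to characters that will actually be read.
    case $name in
        '' | *[!A-Za-z0-9_-]*)
            echo "invalid drop-in name: '$name'" >&2
            return 2 ;;
    esac
    # Stage inside the target directory so the final mv is an atomic rename.
    # The dotted temp name is ignored by sudo while it is being checked.
    tmp=$(mktemp "$SUDOERS_D/.stage.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"
    # Check syntax before the rule is visible to sudo.
    if ! "$VISUDO" -cf "$tmp" >&2; then
        echo "rule rejected by $VISUDO; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$SUDOERS_D/$name"
}

# Example call (constructed rule, reusing the file name from the answer above):
# install_sudoers_dropin 99_sudo_include_file 'your_user ALL=(ALL) NOPASSWD:ALL'
```

A rejected rule leaves the existing drop-ins untouched, and the staged file is removed.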
You should make your edits to a temporary file, then use visudo -c -f sudoers.temp to confirm that the changes are valid and then copy it over the top of /etc/sudoers.
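#!/bin/sh
# /etc/sudoers.tmp serves as the lock file; bail out if it already exists
if [ -f "/etc/sudoers.tmp" ]; then
    exit 1
fi
touch /etc/sudoers.tmp
# edit_sudoers stands for your own command that writes the edited file
edit_sudoers /tmp/sudoers.new
# Only install the new file if visudo reports it as valid
visudo -c -f /tmp/sudoers.new
if [ "$?" -eq "0" ]; then
    cp /tmp/sudoers.new /etc/sudoers
fi
rm /etc/sudoers.tmp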