Skip to main content
Super User

Return to Question

Tweeted twitter.com/super_user/status/1003619728215171072
edited title
Source Link
Yaroslav Mytkalyk
Yaroslav Mytkalyk
  • 247
  • 1
  • 3
  • 9

Sudoers NOPASSWD for single scriptexecutable but allowing others

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need:

  • be able to execute any executable with a sudo with a password prompt
  • be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other executable with sudo.

Example

$ sudo ./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

Sudoers NOPASSWD for single script but allowing others

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need:

  • be able to execute any executable with a sudo with a password prompt
  • be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other executable with sudo.

Example

$./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

Sudoers NOPASSWD for single executable but allowing others

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need:

  • be able to execute any executable with a sudo with a password prompt
  • be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other executable with sudo.

Example

$ sudo ./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

deleted 3 characters in body
Source Link
Yaroslav Mytkalyk
Yaroslav Mytkalyk
  • 247
  • 1
  • 3
  • 9

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need: to be able to execute any executable with a sudo with a password prompt, and being able to execute one executable, /home/username/script.sh, without a password prompt.

  • be able to execute any executable with a sudo with a password prompt
  • be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other executable with sudo command.

Example

$./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need: to be able to execute any executable with a sudo with a password prompt, and being able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other sudo command.

Example

$./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need:

  • be able to execute any executable with a sudo with a password prompt
  • be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other executable with sudo.

Example

$./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?

Source Link
Yaroslav Mytkalyk
Yaroslav Mytkalyk
  • 247
  • 1
  • 3
  • 9

Sudoers NOPASSWD for single script but allowing others

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need: to be able to execute any executable with a sudo with a password prompt, and being able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure like this

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other sudo command.

Example

$./script.sh # runs fine!

Attempt something other

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano 
/etc/sudoers' as root on hostname.

Seems this is a result of replacing ALL with NOPASSWD, and seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with password prompt

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this it asks for password for script.sh.

Can I have both?