0

I'm configuring a server for some bioinfo analysis on CentOS 7 and I installed Rundeck. Rundeck seems to launch scripts as its own account name and I decided to use the sudo bypass to make it access my scripts.

Using visudo I can make sudo with rundeck change to root having some commands without password. As soon as I put the user bioinfo instead of root, the system asks for a password for the same commands.

Here is the part of the sudoers file:

root    ALL=(ALL)       ALL
bioinfo ALL=(ALL)       ALL
rundeck ALL=(bioinfo)      NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/*

I don't know what's different between root and bioinfo as they have the same rights. Would anyone have an idea of what would make it not work with bioinfo when it works fine with root?

I tried my configuration running as root

su - rundeck

and then doing a

sudo whoami

if root => root
if bioinfo => ask for password

Thank you

6
  • as root bash -bash-4.2$ which whoami /bin/whoami -bash-4.2$ sudo whoami root as bioinfo bash -bash-4.2$ which whoami /bin/whoami -bash-4.2$ sudo whoami Nous espérons que vous avez reçu de votre administrateur système local les consignes traditionnelles. Généralement, elles se concentrent sur ces trois éléments : #1) Respectez la vie privée des autres. #2) Réfléchissez avant d'utiliser le clavier. #3) De grands pouvoirs confèrent de grandes responsabilités. [sudo] Mot de passe de rundeck :
    – ul.Duc
    Commented Feb 18, 2020 at 14:12
  • I did as rundeck switch from ALL to bioinfo in the sudoers file
    – ul.Duc
    Commented Feb 18, 2020 at 14:14
  • bioinfo has the exact same configuration as root root ALL=(ALL) ALL bioinfo ALL=(ALL) ALL and thus, why wouldn't it ask for root's password too?
    – ul.Duc
    Commented Feb 18, 2020 at 14:23
  • I did root ALL=(ALL) ALL bioinfo ALL=(ALL) NOPASSWD:ALL rundeck ALL=(bioinfo) NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/* and the result is the same, sudo whoami asks for a password
    – ul.Duc
    Commented Feb 18, 2020 at 14:29
  • and bioinfo is in the group wheel too as root
    – ul.Duc
    Commented Feb 18, 2020 at 14:30

1 Answer

0

For the user bioinfo to be able to run sudo commands without typing in a password you need to modify the bioinfo entry in sudoers to include NOPASSWD:

bioinfo ALL=(ALL)   NOPASSWD: ALL

Please note that doing this allows the user to run any sudo command without having to type the password in.

If the user is a member of a group (%wheel or %users for example) that is also specified in sudoers, the last entry takes precedence - so put this entry underneath.

If you want one user to be able to run things as another user without needing a password:

rundeck ALL=(bioinfo)      NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/*

then you need to invoke commands in the format sudo -u bioinfo <cmd>, otherwise it thinks you're still trying to invoke as root.

10
  • I did so and nothing seems to have changed. I su - rundeck as root, I end up in a bash as rundeck, I do sudo whoami and it asks for a password
    – ul.Duc
    Commented Feb 18, 2020 at 14:35
  • So that's why when I put root as sudo for rundeck I have all the rights, I see... that's kinda bad for security, isn't it?
    – ul.Duc
    Commented Feb 18, 2020 at 14:42
  • I have root then %wheel then bioinfo then rundeck, bioinfo has NOPASSWD: ALL and still asks for a password after a su - rundeck as root and then sudo whoami
    – ul.Duc
    Commented Feb 18, 2020 at 14:47
  • But one thing I don't get is that bioinfo is supposed to be able to do all the commands rundeck will do without using sudo at any time. Why should I set that bioinfo has a need for a NOPASSWD?
    – ul.Duc
    Commented Feb 18, 2020 at 14:53
  • you need to run the command as sudo -u bioinfo whoami
    – Smock
    Commented Feb 18, 2020 at 14:58
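
The runas matching discussed in the answer and its last comment, as an added example that is not part of the original posts: a simplified Python model of how sudo selects a rule, run over the sudoers lines from the question. It assumes no aliases, groups, Defaults or command arguments, and `parse`, `cmd_matches` and `decide` are hypothetical helper names.

```python
import fnmatch
import re

# Rules copied from the question's sudoers excerpt.
SUDOERS = """\
root    ALL=(ALL)       ALL
bioinfo ALL=(ALL)       ALL
rundeck ALL=(bioinfo)      NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/*
"""

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")


def parse(text):
    """Parse 'user HOST=(runas) [NOPASSWD:]cmd,cmd' lines (simplified model)."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            user, runas, nopasswd, cmds = m.groups()
            rules.append({"user": user, "nopasswd": bool(nopasswd),
                          "runas": [r.strip() for r in runas.split(",")],
                          "cmds": [c.strip() for c in cmds.split(",")]})
    return rules


def cmd_matches(pattern, path):
    """Match component by component so '*' never crosses a '/'."""
    if pattern == "ALL":
        return True
    p, c = pattern.split("/"), path.split("/")
    return len(p) == len(c) and all(fnmatch.fnmatchcase(x, y) for x, y in zip(c, p))


def decide(rules, user, command, target="root"):
    """target defaults to root, as it does when sudo is run without -u."""
    verdict = "no-match"  # no rule applies: sudo asks for the invoking user's password
    for r in rules:  # a later matching rule overrides an earlier one
        runas_ok = "ALL" in r["runas"] or target in r["runas"]
        if r["user"] == user and runas_ok and any(cmd_matches(p, command) for p in r["cmds"]):
            verdict = "nopasswd" if r["nopasswd"] else "password"
    return verdict


if __name__ == "__main__":
    rules = parse(SUDOERS)
    print(decide(rules, "rundeck", "/bin/whoami"))             # sudo whoami
    print(decide(rules, "rundeck", "/bin/whoami", "bioinfo"))  # sudo -u bioinfo whoami
```

On the server itself, `sudo -l -U rundeck` run as root lists the rules sudo will apply to rundeck, including the `(bioinfo)` runas restriction. The model also shows that `/bin/*` covers every file directly in `/bin`, so listing exact binaries keeps that entry as narrow as the first two.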
