
Sudoers NOPASSWD for single script but allowing others

Operating System: Arch Linux

Linux version: 4.16.11

Sudo version: 1.8.23

What I need: to be able to execute any executable with sudo with a password prompt, and to be able to execute one executable, /home/username/script.sh, without a password prompt.

When I configure it like this:

username ALL=(ALL) NOPASSWD: /home/username/script.sh

I have the desired effect on the script.sh, but I cannot execute any other sudo command.

Example:

$ ./script.sh # runs fine!

Attempting something else:

$ sudo nano /etc/sudoers
[sudo] password for username: 
Sorry, user username is not allowed to execute '/usr/bin/nano /etc/sudoers' as root on hostname.

It seems this is a result of replacing ALL with NOPASSWD, and it seems I need both. If the sudoers file has ALL for the user, I can execute whatever I want with a password prompt:

username ALL=(ALL) ALL

I tried to combine ALL and NOPASSWD but had no results:

username ALL=(ALL) ALL, NOPASSWD: /home/username/script.sh

Like this, it asks for a password for script.sh.

Can I have both?
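
The rule that decides these cases is documented in sudoers(5): entries are applied in order, the last matching entry wins, and a tag such as NOPASSWD carries over to the commands after it on the same line. The sketch below is an added example, not part of the original post and not sudo's own code; it models that rule for the lines in the question. The later `%wheel ALL=(ALL) ALL` rule and the user's membership in `wheel` are assumptions that do not appear in the question.

```python
# Added example: simplified model of sudoers matching (user or %group, ALL or a
# full path, NOPASSWD/PASSWD tags only). Host and runas parts are ignored.
SCRIPT = "/home/username/script.sh"
NANO = "/usr/bin/nano"

def parse(line):
    """Return (who, [(command, nopasswd), ...]) for one user specification."""
    who, rest = line.split(None, 1)
    spec = rest.split(")", 1)[1]        # drop the 'ALL=(ALL)' part
    entries, nopasswd = [], False       # PASSWD is the default
    for item in spec.split(","):
        item = item.strip()
        if item.startswith("NOPASSWD:"):
            nopasswd, item = True, item[len("NOPASSWD:"):].strip()
        elif item.startswith("PASSWD:"):
            nopasswd, item = False, item[len("PASSWD:"):].strip()
        entries.append((item, nopasswd))  # a tag carries over to later commands
    return who, entries

def decide(sudoers, user, groups, command):
    """Return 'denied', 'password' or 'nopasswd'; the last matching entry wins."""
    result = "denied"
    for line in sudoers:
        who, entries = parse(line)
        if who != user and not (who.startswith("%") and who[1:] in groups):
            continue
        for cmd, nopasswd in entries:
            if cmd in ("ALL", command):
                result = "nopasswd" if nopasswd else "password"
    return result

# The two configurations from the question.
ONLY_SCRIPT = ["username ALL=(ALL) NOPASSWD: " + SCRIPT]
COMBINED = ["username ALL=(ALL) ALL, NOPASSWD: " + SCRIPT]
# Assumption (not in the question): a group rule that comes after the user's line.
SHADOWED = COMBINED + ["%wheel ALL=(ALL) ALL"]
REORDERED = ["%wheel ALL=(ALL) ALL"] + COMBINED

if __name__ == "__main__":
    for name, rules in [("ONLY_SCRIPT", ONLY_SCRIPT), ("COMBINED", COMBINED),
                        ("SHADOWED", SHADOWED), ("REORDERED", REORDERED)]:
        print(name, {c: decide(rules, "username", {"wheel"}, c) for c in (SCRIPT, NANO)})
```

A NOPASSWD entry for a script in the user's home directory lets anyone who can modify that file run arbitrary commands as root without a password. A root-owned script in a directory only root can write to avoids that.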