1

For the sake of writing a script, I'd like my minikube-role-user to execute the command minikube tunnel without a password prompt, without switching user to root, be it by su or temporarily by sudo, or permanently with visudo.

I have tried giving my minikube-role-user the executable permission for, and ownership of, the executable /bin/minikube and /usr/bin/minikube but the password prompt persists. I don't think the minikube executable prompts for a password itself, I think it just executes a second executable that I don't have permission for and need to discover so I can get permission for it. I suspect this because the minikube tunnel command doesn't prompt for a password immediately, does print some stdout before and after prompting for the password, and other minikube commands don't prompt for a password. I thought this hypothetical second executable may be nftables because minikube tunnel may write an nftables rule, but giving my minikube-role-user ownership permissions of nftables did not get rid of the password prompt.

Dylan

1 Answer

1

On Linux, minikube tunnel uses a hard-coded sudo under the hood, so you won't get around visudo / adjusting sudoers.

I think you already found what the minikube docs say on avoiding password prompts and want something more granular than giving access to sudo ip.

/etc/sudoers can configure sudo quite granularly; you can also allow password-less sudo for specific commands only:

```
username ALL=(ALL) NOPASSWD: /usr/bin/ip route add 10.96.0.0/12 via 192.168.64.194
```
  • the 10.96.0.0/12 is the cluster's service CIDR
    here the default and most likely also yours, otherwise check this SO.
  • the 192.168.64.194 is your minikube ip

I unfortunately cannot test this right now, but maybe it is worth a try for you :)

criztovyl
  • if my answer helped you, consider marking it as the accepted one. :) – criztovyl Sep 10 '22 at 06:39
  • For stopping the minikube tunnel without a password prompt, I appended your sudoers statement with ```/usr/sbin/ip route delete 10.96.0.0/12``` – Dylan Sep 10 '22 at 12:27
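
The per-command sudoers rule from the answer, together with the delete rule from the comment, generated and installed by script. This is an added example, not part of the original thread; the function names and the drop-in file name `/etc/sudoers.d/minikube-tunnel` are assumptions. Inputs are validated so that only an exact IPv4 address and CIDR reach the rule.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and the
# drop-in file name are assumptions chosen for illustration.

# Accept only dotted-quad IPv4, optionally requiring a /0-32 prefix, so no
# spaces, commas or '*' (all meaningful to sudoers) reach the rule.
valid_ipv4() {  # $1 = value, $2 = "cidr" to require a prefix length
  case $1 in ''|*[!0-9./]*) return 1 ;; esac
  v4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  if [ "${2:-}" = cidr ]; then
    v4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
  fi
  printf '%s\n' "$1" | grep -Eq "$v4_re" || return 1
  v4_addr=${1%/*}
  v4_ifs=$IFS; IFS=.; set -- $v4_addr; IFS=$v4_ifs
  for v4_octet in "$@"; do [ "$v4_octet" -le 255 ] || return 1; done
}

# Print one rule per route command: "add" when the tunnel starts (from the
# answer) and "delete" when it stops (from the comment).
# $1 = user, $2 = absolute path to ip, $3 = service CIDR, $4 = minikube ip
tunnel_sudoers_rules() {
  case $1 in ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;; esac
  case $2 in /*) ;; *) echo "ip path must be absolute" >&2; return 1 ;; esac
  case $2 in *[!A-Za-z0-9_/.-]*) echo "bad ip path" >&2; return 1 ;; esac
  valid_ipv4 "$3" cidr || { echo "bad service CIDR" >&2; return 1; }
  valid_ipv4 "$4" || { echo "bad minikube ip" >&2; return 1; }
  printf '%s ALL=(ALL) NOPASSWD: %s route add %s via %s\n' "$1" "$2" "$3" "$4"
  printf '%s ALL=(ALL) NOPASSWD: %s route delete %s\n' "$1" "$2" "$3"
}

# Check the syntax with visudo before installing: a broken file under
# /etc/sudoers.d can break sudo for every user. Must run as root.
install_tunnel_rules() {
  rules_tmp=$(mktemp) || return 1
  tunnel_sudoers_rules "$@" > "$rules_tmp" && visudo -cf "$rules_tmp" &&
    install -m 0440 -o root -g root "$rules_tmp" /etc/sudoers.d/minikube-tunnel
  rules_rc=$?
  rm -f "$rules_tmp"
  return "$rules_rc"
}

# Usage (as root), with the values quoted in the answer:
#   install_tunnel_rules minikube-role-user /usr/bin/ip 10.96.0.0/12 192.168.64.194
```

sudo compares the full path and the argument list literally, so the rule has to be regenerated whenever the minikube IP changes, and the `ip` path has to be the one sudo resolves on that system.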