1
is it possible to to have a sudo command executed with the admin password?
example :
sudo apt-get update -password is 'root'
this is to put a command into an application on the startup of Ubuntu which needs root access
Suhayb
Posted 2016-11-26T14:01:54.060
Reputation: 111
1
If you want a particilar process to be run at startup as root then I'd suggest that you wrap it in a systemd/init.d script. For systemd something like this would probably work:
[Unit]
Description=Some command
[Service]
User=root
Type=oneshot
ExecStart=/usr/bin/whateverprogram and associated arguments
[Install]
WantedBy=multi-user.target
Although in the above example I believe the User directive is superfluous.
Alternatively, without implementing some secrets management tool (see hashicorps vault, ansible has a similar feature etc) you're pretty much stuck with two options:
Create a /etc/sudoers.d/somefile with an entry to all a program to be run with elevated privileges without the password. Ie.
ALL ALL=/usr/bin/theprogramtorun NOPASSWD
Or you if you dont care in the slightest about the security of the system and your user is a sudoer you could try scripting up something like:
echo "thisisaterribleidea" | sudo -S /usr/bin/command
To pass the password in cleartext over the commandline
hvindin
Posted 2016-11-26T14:01:54.060
Reputation: 141
-1
Well,best practice is:
echo "your password" | sudo --stdin command
This will execute command first then fills the password you entered in the echo statement.
Suhayb
Posted 2016-11-26T14:01:54.060
Reputation: 111
1This solution has two negative effects. One is that the password will be in history of the shell and the second that you can't enter anything while the command executes. – pbies – 2016-11-26T18:38:12.783
@pbies well the first is a real threat ,i dont care about the second since i am trying to run a script bash on system startup – Suhayb – 2016-11-26T18:53:06.350
You can do that in /etc/rc.local file. – pbies – 2016-11-26T18:54:17.990
1To lower a bit the first fact you may want to cat a private hidden read-only file. Another downside is that you need to review all your scripts when you change your password. – A. Loiseau – 2016-11-26T19:18:42.830
1You could modify the sudoers file to disable the password prompt for the user that runs the program. – cascer1 – 2016-11-26T14:25:38.187
@cascer1 no its important to have the password enabled – Suhayb – 2016-11-26T14:29:36.217
3Having password enabled but written in clear text somewhere is what you want? May you did not understand that @cascer1 is speaking about a way to selectively allow password-less execution for specific (user/command) pair which appears to be a quite good idea. The user will still need to enter password for any other sudo commands. You can have a look at sudoer file documentations. – A. Loiseau – 2016-11-26T17:57:11.157