I am making a desktop application for Linux that interacts with some Ubuntu system files. As such, during the end-user's installation of my software, I need to generate a file in `/etc/sudoers.d/` giving a number of scripts access to the system files without knowing the password. The user will input their password during the installation, but after that they shouldn't have to. During the installation, they will run `give-sudo.sh`, which contains the following lines of Bash code:
```bash
echo '$USER ALL=(ALL) NOPASSWD: power_off.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: reboot.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: timeout_moss.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: timeout_default.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: set_next_os.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: boot_os_1.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: boot_os_2.sh' >> /etc/sudoers.d/moss-priv
echo '$USER ALL=(ALL) NOPASSWD: give_sudo.sh' >> /etc/sudoers.d/moss-priv
```
It is supposed to create a file called `moss-priv`, and append the lines necessary to make my scripts run without requiring a password. I have 8 scripts, so I append 8 lines of code. The `echo` commands work fine, `moss-priv` is generated and its contents read:
```
$USER ALL=(ALL) NOPASSWD: power_off.sh
$USER ALL=(ALL) NOPASSWD: reboot.sh
$USER ALL=(ALL) NOPASSWD: timeout_moss.sh
$USER ALL=(ALL) NOPASSWD: timeout_default.sh
$USER ALL=(ALL) NOPASSWD: set_next_os.sh
$USER ALL=(ALL) NOPASSWD: boot_os_1.sh
$USER ALL=(ALL) NOPASSWD: boot_os_2.sh
$USER ALL=(ALL) NOPASSWD: give_sudo.sh
```
This is when the issue occurs. Instead of giving password-less `sudo` to the scripts, it prints a stack trace saying an error occurred at each line (1-8). Not only that, but if I try to call `sudo` for any reason, it says "authorization failed" and stack traces. As such, I completely lost `sudo` access and couldn't even go back to delete the file that was causing this issue. I ended up having to re-install the whole operating system just to get it back to normal.
Now that I have `sudo` back, I am ready to try it again as soon as I figure out what is wrong with the `moss-priv` file. I can't figure it out though, I think it looks good. Help?
I would be happy with a solution to this problem or a good alternative method.
Error:
```
>>> /etc/sudoers.d/moss-priv: syntax error near line 1 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 2 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 3 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 4 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 5 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 6 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 7 <<<
>>> /etc/sudoers.d/moss-priv: syntax error near line 8 <<<
sudo: parse error in /etc/sudoers.d/moss-priv near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
```
UPDATE: Going off of the suggested fixes, I have a file `give_sudo.sh`:
```bash
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/power_off.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/reboot.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/timeout_moss.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/timeout_default.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/set_next_os.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/boot_os_1.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/boot_os_2.sh" >> /etc/sudoers.d/moss-priv
echo "$SUDO_USER ALL=(ALL) NOPASSWD: /home/jeremiahdgage/Desktop/MOSS/give_sudo" >> /etc/sudoers.d/moss-priv
```
And one of the scripts, say `timeout_moss.sh`:
```bash
sudo sed -i 's/GRUB_HIDDEN_TIMEOUT=10/GRUB_HIDDEN_TIMEOUT=0.01/g' /etc/default/grub
```
When I run it, with `bash timeout_moss.sh` (when I am in the current directory) it still asks for my password... why?
For future reference: I think one can use Ubuntu installer as a live system ("Try Ubuntu" or so). From inside the live system it's possible to mount the disk and remove the troublesome file. This emergency solution should be faster than installing from scratch. – Kamil Maciorowski – 2020-02-10T06:28:04.063
There is no `sudo` in `bash timeout_moss.sh`. The relevant line you added allows to run `sudo ./timeout_moss.sh …` (or equivalent with e.g. full path). Does it work? Neither `sudo sed …` nor `sudo bash …` matches. This is a separate issue. The original question was about parse errors and IMO it was solved. The new issue is different and if my comment is not enough then you should ask a new question (and rollback the current one to a form without the extra issue). From the new question you can link to this one to provide context, still the new one should be standalone. One issue – one question. – Kamil Maciorowski – 2020-02-11T05:17:16.187
But if `sudo /home/jeremiahdgage/Desktop/MOSS/timeout_moss.sh` still asks for password then the original issue is not solved and we should fix it first. Maybe unless it turns out this is not (or never was) what you wanted. Compare this dilemma: Should I use sudo in a script or sudo an entire script? – Kamil Maciorowski – 2020-02-11T05:22:47.173
My original question was not about parse errors, someone else edited the title. My original issue was figuring out how do I give a script sudo access without requiring a password. Your answer did not fix this. I will start a new question, because the focus I think has gone off the original issue. With the title change and focus delineation, I think your question is a sufficient solution. Not the solution I was looking for, but still super helpful. Thanks. – ragnvaldr.js – 2020-02-11T16:01:26.267
The title was changed to help other users with similar problems find your question. To test if you have given "a script sudo access without requiring a password", run `sudo -k /home/jeremiahdgage/Desktop/MOSS/timeout_moss.sh`. I realized there may be other conditions. One of them is if the script is executable. See the edited answer (first hint). A feedback from you saying that `sudo /home/jeremiahdgage/Desktop/MOSS/timeout_moss.sh` still requires a password would make me investigate further. But the feedback included `sudo sed` and `bash timeout_moss.sh`, these are off the original issue. – Kamil Maciorowski – 2020-02-11T19:07:42.060
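An added example (not part of the original question or comments) of a safer way to write the drop-in: render the rules with the user name already expanded and absolute command paths, check the result with `visudo -cf`, and only then install it with mode 0440, so a bad rule never reaches `/etc/sudoers.d`. The function names and the `/opt/moss` directory are hypothetical; a root-owned directory is assumed because a NOPASSWD script that the user can edit is equivalent to passwordless root.

```bash
#!/usr/bin/env bash
# Added example: build, validate, then install a sudoers drop-in.
# /opt/moss in the usage line is a hypothetical root-owned install directory.

# Print one NOPASSWD rule per script. sudoers needs an absolute command path,
# and the user name must already be expanded (double quotes, not single).
render_rules() {
    local user="$1" dir="$2" script; shift 2
    case $user in ''|*[!A-Za-z0-9._-]*) echo "bad user name: '$user'" >&2; return 1;; esac
    case $dir in /*) ;; *) echo "directory must be absolute: $dir" >&2; return 1;; esac
    for script in "$@"; do
        case $script in */*|*[[:space:]]*) echo "bad script name: $script" >&2; return 1;; esac
        printf '%s ALL=(ALL) NOPASSWD: %s/%s\n' "$user" "$dir" "$script"
    done
}

# Cheap structural pre-check that catches both mistakes from the question:
# a literal "$" left in the file, or a command that is not an absolute path.
precheck_rules() {
    local file="$1" line cmd
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case $line in *'$'*) return 1;; esac
        cmd=${line##*NOPASSWD: }
        case $cmd in /*) ;; *) return 1;; esac
    done < "$file"
}

# Validate a temporary copy with visudo before anything is written under
# /etc/sudoers.d. Must run as root; it is defined here but not called.
install_rules() {
    local tmp; tmp=$(mktemp) || return 1
    render_rules "$@" > "$tmp" && precheck_rules "$tmp" &&
        visudo -cf "$tmp" &&
        install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/moss-priv
    local rc=$?; rm -f "$tmp"; return $rc
}
# Usage (as root): install_rules "$SUDO_USER" /opt/moss power_off.sh reboot.sh
```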