Solved - sudo into user instead of root with rundeck

0

I'm configuring a server for some bioinfo analysis on CentOS 7 and I installed Rundeck. Rundeck seems to launch scripts as its own account name and I decided to use the sudo bypass to make it access my scripts.

Using visudo I can make sudo with rundeck change to root having some commands without password. As soon as I put the user bioinfo instead of root, the system asks for a password for the same commands.

Here is the part of the sudoers file:

root    ALL=(ALL)       ALL
bioinfo ALL=(ALL)       ALL
rundeck ALL=(bioinfo)      NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/*

I don't know what's different between root and bioinfo as they have the same rights. Would anyone have an idea of what would make it not work with bioinfo when it works fine with root?

I tried my configuration running as root

su - rundeck

and then doing a

sudo whoami

if root => root
if bioinfo => ask for password

Thank you

ul.Duc

Posted 2020-02-18T13:39:28.420

Reputation: 3

as root

-bash-4.2$ which whoami
/bin/whoami
-bash-4.2$ sudo whoami
root

as bioinfo

-bash-4.2$ which whoami
/bin/whoami
-bash-4.2$ sudo whoami

Nous espérons que vous avez reçu de votre administrateur système local les consignes traditionnelles. Généralement, elles se concentrent sur ces trois éléments :

    #1) Respectez la vie privée des autres.
    #2) Réfléchissez avant d'utiliser le clavier.
    #3) De grands pouvoirs confèrent de grandes responsabilités.

[sudo] Mot de passe de rundeck :
– ul.Duc – 2020-02-18T14:12:11.050

I did as rundeck switch from ALL to bioinfo in the sudoers file – ul.Duc – 2020-02-18T14:14:52.370

bioinfo has the exact same configuration as root: root ALL=(ALL) ALL, bioinfo ALL=(ALL) ALL, and thus, why wouldn't it ask for root's password too? – ul.Duc – 2020-02-18T14:23:51.230

I did root ALL=(ALL) ALL, bioinfo ALL=(ALL) NOPASSWD:ALL, rundeck ALL=(bioinfo) NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/* and the result is the same, sudo whoami asks for a password – ul.Duc – 2020-02-18T14:29:25.797

and bioinfo is in the group wheel too as root – ul.Duc – 2020-02-18T14:30:14.927

Done, let's go on to the next answer! – ul.Duc – 2020-02-18T14:38:21.383

Answers

0

For the user bioinfo to be able to run sudo commands without typing in a password you need to modify the bioinfo entry in sudoers to include NOPASSWD:

bioinfo ALL=(ALL)   NOPASSWD: ALL

Please note that doing this allows the user to run any sudo command without having to type the password in.

If the user is a member of a group (%wheel or %users for example) that is also specified in sudoers, the last entry takes precedence - so put this entry underneath.

If you want one user to be able to run things as another user without needing a password:

rundeck ALL=(bioinfo)      NOPASSWD:/home/bioinfo/singularity_data/Bionano3.5,/usr/local/bin/singularity,/bin/*

then you need to invoke commands in the format sudo -u bioinfo <cmd>, otherwise it thinks you're still trying to invoke as root.

Smock

Posted 2020-02-18T13:39:28.420

Reputation: 359

I did so and nothing seems to have changed. I su - rundeck as root, I end up in a bash as rundeck, I do sudo whoami and it asks for a password – ul.Duc – 2020-02-18T14:35:28.253

So that's why when I put root as sudo for rundeck I have all the rights, I see... that's kinda bad for security, isn't it? – ul.Duc – 2020-02-18T14:42:26.283

I have root then %wheel then bioinfo then rundeck, bioinfo has NOPASSWD: ALL and still asks for a password after a su - rundeck as root and then sudo whoami – ul.Duc – 2020-02-18T14:47:10.820

But one thing I don't get is that bioinfo is supposed to be able to do all the commands rundeck will do without using sudo at any time. Why should I set that bioinfo has a need for a NOPASSWD? – ul.Duc – 2020-02-18T14:53:32.167

you need to run the command as sudo -u bioinfo whoami – Smock – 2020-02-18T14:58:28.617

This seems to work! But then again the sudoers file only tells what rundeck has the right to use without password? – ul.Duc – 2020-02-18T15:01:08.873

Dude (if you are a man), you are the BEST! Thank you so much! – ul.Duc – 2020-02-18T15:02:18.397

Sorry - it took me a while to spot you had (bioinfo) rather than (ALL) in the rundeck sudoers line! – Smock – 2020-02-18T15:03:01.110

Don't be sorry, you helped me so much. My boss, when I told him the solution, told me he knew but he didn't think about it... so thank you so much and sorry I don't have enough karma to upvote your answer. – ul.Duc – 2020-02-18T15:22:25.980

That's ok - I like figuring stuff out like this more than getting points. You've marked it as the accepted answer anyway - that's plenty reward enough! – Smock – 2020-02-18T15:46:47.573
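
The behaviour worked out in this thread, as an added example that is not part of the original posts and is not sudo's own code: a simplified Python model of how a sudoers rule is selected, built from the sudoers lines quoted in the question. The host field is omitted, the names RULES, path_matches and decide are hypothetical, and the "no-rule" outcome is the case that showed up on this page as a password prompt.

```python
"""Simplified model of sudoers rule selection (added example, not sudo's code)."""
from fnmatch import fnmatchcase

# Constructed from the sudoers lines quoted in the question (host field omitted).
# Each entry: (user, runas list, nopasswd, command patterns)
RULES = [
    ("root",    ["ALL"],     False, ["ALL"]),
    ("bioinfo", ["ALL"],     False, ["ALL"]),
    ("rundeck", ["bioinfo"], True,  ["/home/bioinfo/singularity_data/Bionano3.5",
                                     "/usr/local/bin/singularity", "/bin/*"]),
]


def path_matches(pattern, path):
    """Glob match in which '*' never crosses a '/', as for sudoers command paths."""
    if pattern == "ALL":
        return True
    pat_parts, path_parts = pattern.split("/"), path.split("/")
    return len(pat_parts) == len(path_parts) and all(
        fnmatchcase(name, pat) for pat, name in zip(pat_parts, path_parts))


def decide(invoker, command, target="root", rules=RULES):
    """Return 'nopasswd', 'passwd' or 'no-rule' for `sudo [-u target] command`.

    target defaults to root, which is what sudo assumes when -u is not given.
    The last matching rule wins, as the answer notes.
    """
    result = "no-rule"
    for user, runas, nopasswd, commands in rules:
        if user != invoker:
            continue
        if "ALL" not in runas and target not in runas:
            continue  # this rule does not cover the requested target user
        if any(path_matches(c, command) for c in commands):
            result = "nopasswd" if nopasswd else "passwd"
    return result


if __name__ == "__main__":
    # `sudo whoami` targets root; `sudo -u bioinfo whoami` targets bioinfo.
    for target in ("root", "bioinfo"):
        print(f"rundeck: sudo -u {target} /bin/whoami ->",
              decide("rundeck", "/bin/whoami", target))
```

The same model returns nopasswd for /bin/bash run as bioinfo, because /bin/* covers every binary directly under /bin; listing only the exact commands Rundeck needs keeps the rule narrower.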