9
1
I am in sudo group all right:
$ id
uid=1002(molot) gid=1002(molot) groups=1002(molot),27(sudo),33(www-data)
In my sudores I seem to have appropriate setting:
sudo ALL=(ALL:ALL) NOPASSWD: ALL
and it is the last uncommented line there.
But when I try to git pull, I'm asped to retype my password:
$ sudo -u www-data git --git-dir /var/www/.git --work-tree /var/www pull "origin" master
[sudo] password for molot:
It is not a problem when I am logged in console, but it is unacceptable in scripts. So how can I allow anyone in sudo group to git pull as www-data without retyping password?
When I put my name directly:
molot ALL=(ALL) NOPASSWD: ALL
it works for me. But, obviously, not for marian or other users from sudo group. As far as I understood manual, both usernames and group names should work in first file.
Mołot
Posted 2014-04-23T11:30:02.760
Reputation: 203
Can you not
sudo -u www-data ./your_script.sh? What is the purpose of the script? – jimbobmcgee – 2014-04-23T12:15:51.127@jimbobmcgee it's a git hook, so no, I cannot prepend anything to it. It is called by the user who pushed git changes and I found no real way around it. – Mołot – 2014-04-23T12:18:46.567
The first field (if my quick understanding of the
sudoersfile format is correct) is the username of the invoking user. Have you tried replacing it with the wildcard*, or whichever user the git hook runs as? – a CVn – 2014-04-23T12:34:37.447@MichaelKjörling as stated here it should be possible to write both users and groups in first field.
– Mołot – 2014-04-23T12:42:02.137*does not work. Putting my name directly works for me... but not for other users in sudo group, obviously.@MichaelKjörling thank you, your comment made me to look for special chars and allowed me to find an answer :D Edit: deleted self answer and accepted 3rd party answer from the same moment. – Mołot – 2014-04-23T12:45:52.517