Therefore internally in the script I need the command to identify that type of non-root user - so the non-root users that can't not use sudo must be notified and stop the script execution.įor example: # an if statement about 'id -u' not equals a 0Ĭan_use_sudo=$( whoami) # so the non-root user Goal: only the non-root users - that can use sudo - can be able to execute some bash scripts.
#Passwordless sudo for specific command password
Or if exists other parameter such as sudo -k that does not ask for the password (of course it does other thing) or other command to accomplish my goal. Problem I want avoid the password prompt part. So until here there is a clear difference and the solution but because I am working with Bash Shell and I need use Command Substitution is_user_sudo=$(sudo -v) # if is empty sudo can be used otherwise not If either it is valid or sudo's timeout is still valid it returns empty. If the user can use sudo then the sudo -v asks for the password. With sudo -v so far almost the solution happens the following:įor an user that does not have a configuration about sudoers the command returns Sorry, user may not run sudo on. Problem: so with this approach is not possible really know through a command know if the user can use sudo - the solution is only viable to know if the sudo's timeout is still valid or not. And if the user can use sudo and if the sudo's timeout is still valid - it returns 1, otherwise it returns 0 And if the user can use sudo -whether sudo was not executed in the session or the sudo's timeout expired - it prints again the sudo: a password is required message.Īdditionally, with the correct solution (but for the other scenario) $(sudo -n uptime 2>&1 | grep "load" | wc -l)įor an user without sudo permission always returns 0. Sudo - is there a command to check if I have sudo and/or how much time is left?įor a user that does not have a configuration through in sudoers - therefore impossible to use sudo - the execution of sudo -n always prints in the terminal the sudo: a password is required message.Traditionally in Debian based distributions, for the sudo command you use the sudo group.I want to check if a user is able to use sudo - but without the need to write the password - for bash shell scripts purposes. NOTE: In Debian the group wheel is often used to restrict in PAM the use of su to a group, instead of using it for the sudo command as in RedHat/SuSE based distributions. If logged in the system, the intended user has then to logout and login for the change of the user belonging to the sudo group to take effect. To: # Allow members of group sudo to execute any command, no password You then edit the default line in /etc/sudoers for the sudo group with: $ sudo visudoĪnd change it from: # Allow members of group sudo to execute any command Modify /etc/sudoers for adding the NOPASSWD directive When you already have a sudo user, it is advised as good security practice, to set up the other users in the sudo group via that user: $ sudo gpasswd -a sudo When setting up the first sudo user, you have got to the first as root: # gpasswd -a sudo
#Passwordless sudo for specific command install
you do not have /etc/sudoers), run as root: # apt install sudoĪdd a user to the sudo group, if it is not already in the sudo group (Ubuntu and derivatives add a user created in installation automatically to the sudo group). If the package sudo is not installed (e.g. In Debian, depending on the installation options, you often end up without sudo installed by default. So to add passwordless sudo enabled users to a Debian based system, the steps are:
Traditionally on Debian based distributions such as Debian/Ubuntu/Mint/Kali/Antix, the default group for sudo is, well, sudo.
0 kommentar(er)
