[SOLVED] [sudo] allow user to run commands as root

Hello,
I want to run programs like netctl and vpnc as normal user without typing in my password. This is what I've come up with for /etc/sudoers:
myusername ALL = (root) NOPASSWD: /usr/bin/netctl, /usr/bin/vpnc, /usr/bin/vpnc-disconnect
But running e.g. "netctl start someprofile" fails because access to the file `someprofile' is denied -- the file is owned by root and only root may read it.
Doesn't running programs as root also mean that these programs can read files owned by root? Or is this a misconception and I should change permissions to the corresponding files?
Thanks & Regards
Edit:
I just realized that, with the setup above, "sudo netctl start someprofile" does work without demanding a password. This is nice. But can it be tuned further so that I don't have to prepend "sudo"?
Last edited by ball (2013-05-23 19:22:17)

@qinohe:
I am in group wheel and I already have
%wheel ALL=(ALL) ALL
myusername ALL=NOPASSWD: /usr/bin/netctl, /usr/bin/vpnc, /usr/bin/vpnc-disconnect
So this would be same, wouldn't it?
I just realized that "sudo netctl start someprofile" does work without demanding a password. This is nice. But can it be tuned further so that I don't have to prepend "sudo"?
Last edited by ball (2013-05-23 18:50:46)

Similar Messages

  • Allowing user to run an optional test

    I'm new to Teststand and Labview. Can anyone tell me a simple way for allowing users to run an optional test sequence at the end of another test sequence. I've played around with the message popup step, hoping that I could just call the optional sequence if the operator presses an 'OK' button or end the original test sequence if the operator presses a 'CANCEL' button, but haven't had much luck so far.
    Thanks in advance!

    Hi,
    Make use of the Precondition, an example of this is the Computer Motherboard Test.seq in the TestStand\examples\demo folder.
    This has diagnostics test sequence which it runs if any of the test steps fail.
    Regards
    Ray Farmer

  • [SOLVED] sudo: unable to set runas group vector: Invalid argument

    I recently made the (idiotic) mistake of overwriting my /etc/passwd and /etc/group files, although I managed to restore them from a backup.  Since restarting the machine I'm having the same issue every time I invoke sudo:
    sudo: unable to set runas group vector: Invalid argument
    I can't find any info on this error. Any ideas on where to start?
    Thanks,
    -- C. M.
    EDIT: I should also note that this is a headless machine that I'm accessing via SSH.
    Last edited by C. M. Harlequin (2014-06-15 10:35:33)

    Thanks for the reply, Amish.
    It's my understanding that the 'group vector' is a term that refers to the specific set of groups to which a user has membership, rather than a specific group named 'vector'.  Although, I could be mistaken.
    From the sudo manpage:
    The -P (preserve group vector) option causes sudo to preserve the user's group vector unaltered. By default, sudo will initialize the group vector to the list of groups the target user is in. The real and effective group IDs, however, are still set to match the target user.
    Similarly, from the sudoers manpage:
    By default, sudo will initialize the group vector to the list of groups the target user is in. When preserve_groups is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. This flag is off by default.
    But the manpages don't offer me much, I'm still clueless as to why I'm getting the error.
    EDIT: although using the -P flag seems to allow sudo to run without error
    Last edited by C. M. Harlequin (2014-06-14 18:42:39)

  • [SOLVED] Help, run commands as root in a script

    I was playing with some installs from AUR recently, got tired of compiling and installing all the time. Since I don't do much config,  I decided to make a small script to automate the process
    #!/bin/bash
    makepkg -f PKGBUILD &&
    app=$(ls *.pkg.*) &&
    echo mypass | su -s 'pacman -U $app &'
    The thing is, "su -s" does not work and prints out "standard in must be a tty", while I've been using the same script to recompile and install from source and it always worked.
    What should I do to get it running?
    p.s: I don't want any password prompts, nor do I want to make some additional aliases or modify the sudoers file. All I need is this script to execute a command as root and install the app.
    Last edited by tasty_minerals (2011-09-16 09:41:14)

    Mr.Elendig wrote:
    tasty_minerals wrote:
    Ok, I did it. To install a package with "pacman" without any prompts for passwords and yes/no questions.
    #!/bin/bash
    makepkg -f PKGBUILD
    app=$(ls *.pkg.*)
    echo mypass | sudo -S pacman -U --noconfirm $app
    Of course you can do makepkg --install, but I don't want to mess with sudo.
    But your script is messing with sudo in a way worse way than makepkg does...
    People are doing even worse things every single day^^

  • How to allow users to run infopackage without giving access to Workbench

    Hi,
    I have certain infopackages which I want to give access to users to run. It mainly relates to loading of flat files which they want to be able to execute when they want and also loading the P&L  data from R/3.
    I am on 3.5. I don't want the users to have access to do anything else on the Admin Workbench.
    What is the best way? Is there a program or tcode which I can give access to the users where they specify the infopackage name and run it?
    Thanks

    Hi,
    Create a role in transaction pfcg. Goto authorization tab-> change authorization data-> manual entry of authorization objects -> give the standard authorization object 's_rs_admwb'.
    This autho-object is for protecting DWWB objects.
    Inside this object , you will have option 'data warehouse workbench object' . Click change.. select 'infopackage'. In the activity you can give options display and execute. Save the authorization and generate profile. In the user tab, give the user ids of those who need to execute the infopackage. This should work exactly for your requirement..
    Regards,
    Krishna.

  • SOLVED: php shell_exec() run command as root?

    Is there a way for me to execute a command as root from the php shell_exec() command? I am trying to create a simple web interface for my phone to perform simple server operations such as restarting daemons.
    In my php file I'm calling
    $output = shell_exec('/path/to/my/script.py');
    My script will do a /etc/rc.d/insert_daemon restart, so it needs to be run as root.
    I have tried to add
    nobody=ALL :/path/to/my/script.py   
    to my sudoers file. I have also tried using
    chmod 4755 script.py
    chown root   script.py
    on the script. Nothing seems to work for me.
    I realize this is probably a security risk. Anyone have any suggestions?
    Last edited by murfMan (2010-04-11 17:09:48)

    solved it:
    added
    http ALL=NOPASSWD :/path/to/script.py
    to sudoers
    Last edited by murfMan (2010-04-11 17:13:43)

  • [SOLVED]Home directory confusion when running Emacs as root

    Hi, just set up my first Arch system.  I've installed emacs-nox, and it insists on using the .emacs file of the one normal user I have set up, even when I'm not logged in as that user.  Bits in that .emacs file which use a tilde to signify $HOME do point to /root when I'm logged in as root, causing various weirdnesses.
    Here's what --debug-init says when I run emacs as root; if there's anything apart from the complaint about the "missing" (not in /root) haskell-mode files, I'm afraid it means nothing to me
    edit: nope, all of that junk really was about the haskell-mode stuff, so I'm deleting it since that's "fixed" by copying that stuff to /root/.emacs.d.  Now --debug-init tells me nothing and I still have no idea why emacs insists on using the dotfile in /home/j
    Last edited by cuns (2011-12-25 23:21:06)

    I have this issue too if starting emacs after doing a "su"; when logging in as root it works as expected. Googling brought up the emacs changelog:
    1987-05-12  Richard M. Stallman  (rms at prep)
        * startup.el (command-line): If running under `su',
        use user's original login name to get init file.
        Otherwise use $HOME.
    A workaround would be to define an alias like
    alias emacs='emacs -u root'
    in your root's ".bashrc" (/root/.bashrc).
    Hope that helps,
    greetings
    matse

  • Allow users to run installed applications

    doing tons of homework on this to no avail--Safari and other applications are available to admin--i want to select applications as admin and pick which ones users can use--how the heck do you do this?--new to mac but tons of computer exp including some unix

    Any program installed in the /Applications folder (at the top level of the hard drive) should by default be accessible to all other users, except when access for a specific user has been blocked with Parental Controls.

  • [SOLVED] sudo -i changes ownership of .Xauthority to root, breaks X

    From a normal user's terminal session running in xmonad, I tried to enter a root terminal session with "sudo -i".
    I got sent to the virtual console and couldn't switch back to X. An error message told me .Xauthority was not writable. The user's .Xauthority file was now owned by root and not writable.
    After removing the root-owned files, I could start X and everything seems normal.
    "sudo -s" and "su" work as expected.
    Do I have a bad configuration? Do I not understand "sudo -i"?
    Edit: Could sudo's "initial login" try to start X as root? I have auto-login configured for the first virtual console. I'll try to switch that off and try again.
    SOLVED: The cause was my root user's .bash_profile and .zprofile. I copied my user's .bash_profile and .zprofile over to root and didn't notice that I should comment the following line to automatically start X:
    [[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec startx
    Last edited by Markus00000 (2013-06-13 13:04:31)

    Change
    archimedes ALL = (ALL) NOPASSWD: SHUT, NOPASSWD: PAC
    to
    archimedes ALL=(ALL) NOPASSWD: SHUT, NOPASSWD: PAC

  • Run command as root at startup

    Hello
    I would need to learn how to run a command at startup as root. Like :
    sudo lxterminal --command="sudo powertop"
    to run powertop at startup so that i can keep an eye on it. (it's the only example i think of right now, but there are some other)
    I've seen some things about tmpfiles.d, but I didn't find anything about running a command. So any help would be very welcome
    thanks,
    Quentin

    Hello,
    As I said, there are many commands I would like to run as root at startup, so I have found a more convenient way. I'm "auto-responding", just in case someone needs it and search this topic:
    http://askubuntu.com/questions/155791/h … a-password
    which consists in creating a script, setting root as owner so that user can't "just run it", and configuring the sudoers not to ask a password for this script, as cris said. Then I can just call the script from the autostart file of LXDE.

  • Running commands as normal user

    Hi.
    Is it possible to do these things?
    Run audio without sudo...
    (Un)mount partitions without sudo...
    Poweroff, or reboot, without sudo...
    For instance, If I run:
    adduser myusername audio
    I'm told that the user already exists. I'm pretty sure nobody would design a system where everything you do needs to be sudo'ed. What am I doing wrong?

    I use pmount/pumount for mounting/unmounting as user.
    I've edited my sudoers file to give my user account access (only on this computer) to issue certain commands without a password. As far as I'm concerned, system commands such as shutdown should only be allowed to run as root. It's just a convenience for me not to have to type my password when using sudo.
    # less /etc/sudoers
    # sudoers file.
    # This file MUST be edited with the 'visudo' command as root.
    # Failure to use 'visudo' may result in syntax or file permission errors
    # that prevent sudo from running.
    # See the sudoers man page for the details on how to write a sudoers file.
    # Host alias specification
    # User alias specification
    # Cmnd alias specification
    # Defaults specification
    # Runas alias specification
    # User privilege specification
    root ALL=(ALL) ALL
    tom ALL=(ALL) ALL
    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users localhost=/sbin/shutdown -h now
    tom kiwi = NOPASSWD: /sbin/halt
    tom kiwi = NOPASSWD: /sbin/reboot
    tom kiwi = NOPASSWD: /usr/bin/eject
    tom kiwi = NOPASSWD: /usr/sbin/pm-suspend
    tom kiwi = NOPASSWD: /home/tom/bin/backup
    tom kiwi = NOPASSWD: /etc/rc.d/httpd
    Which says: For the user tom on the computer kiwi allow him to run command /sbin/halt without a password.
    Last edited by BaconPie (2011-01-05 14:43:09)
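An audit sketch for the passwordless rules quoted on this page, such as `tom kiwi = NOPASSWD: /home/tom/bin/backup` and the root-owned-script approach described in the startup thread above: a NOPASSWD rule is only as tight as the permissions on the program it names. This is an added example, not code from any poster; the function names, the `%ops` line and the simplified parsing are assumptions.

```python
import os
import re
import stat

# Sample rules: the "myusername" and "tom" lines are quoted from posts on this
# page; the "%ops" line is constructed for the example.
SAMPLE = """\
root ALL=(ALL) ALL
myusername ALL = (root) NOPASSWD: /usr/bin/netctl, /usr/bin/vpnc, /usr/bin/vpnc-disconnect
tom kiwi = NOPASSWD: /sbin/halt
tom kiwi = NOPASSWD: /home/tom/bin/backup
# %wheel ALL=(ALL) NOPASSWD: ALL
%ops ALL=(ALL) NOPASSWD: ALL
"""

SKIP = ("#", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
TAG = re.compile(r"([A-Z_]+)\s*:\s*")


def nopasswd_commands(text):
    """Yield (who, command) for each command allowed without a password."""
    # Simplified: no line continuations, alias expansion or escaped commas.
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        left, rest = line.split("=", 1)
        rest = re.sub(r"\([^)]*\)", "", rest)  # drop the (runas) part
        nopasswd = False  # a tag applies to the following commands too
        for item in map(str.strip, rest.split(",")):
            while (m := TAG.match(item)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            if nopasswd and item:
                yield left.split()[0], item


def untrusted_components(path, trusted_uids=(0,), stop="/"):
    """Return the file and parent directories (up to stop) that a uid outside
    trusted_uids owns, or that are group- or world-writable."""
    cur, stop, bad = os.path.realpath(path), os.path.realpath(stop), []
    while True:
        try:
            st = os.stat(cur)
            if st.st_uid not in trusted_uids or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                bad.append(cur)
        except FileNotFoundError:
            pass  # missing component: its parents are still checked
        if cur in (stop, os.path.dirname(cur)):
            return bad
        cur = os.path.dirname(cur)


def audit(text, fs_check=None):
    """Return (who, command, reason) findings; fs_check(path) adds an on-host check."""
    out = []
    for who, cmd in nopasswd_commands(text):
        prog = cmd.split()[0]
        if prog == "ALL":
            out.append((who, cmd, "any command without a password"))
        elif not prog.startswith("/"):
            out.append((who, cmd, "alias or relative name, not resolved"))
        elif prog.startswith("/home/"):
            out.append((who, cmd, "program inside a home directory"))
        elif fs_check and (bad := fs_check(prog)):
            out.append((who, cmd, "modifiable by non-root: " + bad[0]))
    return out
```

Calling `audit(SAMPLE)` applies only the static checks; passing `fs_check=untrusted_components` on the host itself also checks ownership and write bits of each named program and its parent directories.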

  • [solved] hook to run commands when user logs in? (before bash profile)

    Is there any way to run commands when a user logs in but before the bash profile is sourced?
    For example, I have a user account with a home directory on /tmp. When the user logs in, the home directory might not exist so there will be no .bash_profile to source. I want to run a script to create the directory if necessary and copy some files into it. How can that be done?
    I thought of putting something in /etc/profile or /etc/profile.d/, but I would like to run something before the user's shell and environment become active.
    I can use /etc/rc.local to do what I want, but I would prefer a hook to ensure that everything is set right when the user logs in.
    Any ideas?
    *edit*
    Solution
    In my case, I found that I could write my own shell script and set it as a login shell. In the script, I can configure everything I need before launching the interactive shell, then clean up anything after it exits.
    Last edited by Xyne (2011-12-10 19:34:07)

    Thanks, dammannj. PAM could probably do what I need but I think I have found a simpler solution (see original post).

  • Sudo can't execute some commands[SOLVED]

    Hi Archers,
    I am using sudo and have disabled the root account. There are some problems with sudo, such as with the following commands:
    #sudo echo "1234"  >/etc/rc.local
    # sudo cd /root
    I can't execute these commands with sudo; instead I have to log in as root and execute the commands. So the question is, how can I solve these problems?
    The second issue is how I can give certain users the commands that they can execute. For example, user A is only allowed to use the "ls" command and not any other commands?
    Cheers
    Last edited by hungsonbk (2008-11-17 02:02:29)

    You can't use those commands because they aren't real commands, they are shell builtins and they are run by your shell, which is run by your regular user.
    sudo echo foo > bar
    This runs the "echo" binary as root but the ">" part is handled by the shell. The appropriate way to handle this:
    echo foo|sudo tee bar
    cd won't work either; if it did, you could cd to a directory you don't have permissions to and then you would be in there as a regular user, unable to do anything... You should just work from outside /root or use sudo -s.
    For the user thing: man sudoers.
    Last edited by Ramses de Norre (2008-11-15 16:52:55)

  • [SOLVED] Sudo does not accept user password

    Hello again!
    Usually I run root commands with sudo, and I enter my current user password and everything works!
    Today, I updated my Arch Linux with:
    pacman -Syu
    and my Arch upgraded to 3.4.2-2.
    But when I want to run a command with sudo, I cannot use my current user password?
    Thank you
    Last edited by arashroshan (2012-06-19 11:10:52)

    Thank you for the reply, but I have read the sudo wiki and also sudo was working before updating.
    By the way, su is still working.
    Here is my sudoers file:
    ## sudoers file.
    ## This file MUST be edited with the 'visudo' command as root.
    ## Failure to use 'visudo' may result in syntax or file permission errors
    ## that prevent sudo from running.
    ## See the sudoers man page for the details on how to write a sudoers file.
    ## Host alias specification
    ## Groups of machines. These may include host names (optionally with wildcards),
    ## IP addresses, network numbers or netgroups.
    # Host_Alias    WEBSERVERS = www1, www2, www3
    ## User alias specification
    ## Groups of users.  These may consist of user names, uids, Unix groups,
    ## or netgroups.
    # User_Alias    ADMINS = millert, dowdy, mikef
    ## Cmnd alias specification
    ## Groups of commands.  Often used to group related commands together.
    # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
    #                           /usr/bin/pkill, /usr/bin/top
    ## Defaults specification
    ## You may wish to keep some of the following environment variables
    ## when running commands via sudo.
    ## Locale settings
    # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
    ## Run X applications through sudo; HOME is used to find the
    ## .Xauthority file.  Note that other programs use HOME to find
    ## configuration files and this may lead to privilege escalation!
    # Defaults env_keep += "HOME"
    ## X11 resource path settings
    # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
    ## Desktop path settings
    # Defaults env_keep += "QTDIR KDEDIR"
    ## Allow sudo-run commands to inherit the callers' ConsoleKit session
    # Defaults env_keep += "XDG_SESSION_COOKIE"
    ## Uncomment to enable special input methods.  Care should be taken as
    ## this may allow users to subvert the command being run via sudo.
    # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
    ## Uncomment to enable logging of a command's output, except for
    ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
    # Defaults log_output
    # Defaults!/usr/bin/sudoreplay !log_output
    # Defaults!/usr/local/bin/sudoreplay !log_output
    # Defaults!/sbin/reboot !log_output
    ## Runas alias specification
    ## User privilege specification
    root ALL=(ALL) ALL
    ## Uncomment to allow members of group wheel to execute any command
    %wheel ALL=(ALL) ALL
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    #arashr ALL=(ALL) All
    ## Uncomment to allow members of group sudo to execute any command
    # %sudo ALL=(ALL) ALL
    ## Uncomment to allow any user to run sudo if they know the password
    ## of the user they are running the command as (root by default).
    # Defaults targetpw  # Ask for the password of the target user
    # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
    ## Read drop-in files from /etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /etc/sudoers.d
    Last edited by arashroshan (2012-06-17 10:02:55)

  • [solved] sudo command in a Bash function?

    Hello there,
    I need to use sudo inside of a Bash function in order to allow my laptop to hibernate after a certain time using "systemctl hibernate".
    However, I cannot figure out what's the correct way to include sudo inside of my function snippet:
    function hibernate {
    echo "System is going to hibernate in $1 minute(s)..."
    sleep $1m ; systemctl hibernate
    }
    alias hibernate_timer=sudo hibernate # sudo misplaced here
    Last edited by orschiro (2013-06-26 20:33:47)

    you'd need sudo's -E parameter for that, otherwise that function is not defined in the su environment.
    EDIT: -E is not sufficient.
    man sudoers wrote:
    In all cases, environment variables with a value beginning with () are removed as they could be interpreted as bash functions. The list of environment variables that sudo allows or denies is contained in the output of “sudo -V” when run as root.
    You cannot pass functions to sudo - the alias is not relevant, you couldn't do this directly: `sudo hibernate` would fail.
    I'd also recommend putting the sudo as "deep" as possible: right on the systemctl command.  There is a reason bash functions are not allowed to be 'sudo'ed - and running sudo on a function that includes a sleep command seems particularly bad to me.
    Last edited by Trilby (2013-06-26 17:59:18)
