
I want to make a sudoless, passwordless script which doesn't prompt any user executing that script for a password.

Problem: my script uses the rsync utility to send files to a backup server, but I always get a permission denied error when the folder that needs to be sent contains some files for which the access is set to none, whereas other files are also owned by root but their access is set to read only. I'm using public key authentication to send files to the destination/backup so that it doesn't prompt for password input, but it cannot send access-protected files like the above without sudo and password input.

Tries: I tried this solution, https://unix.stackexchange.com/a/229653/332764, but it is not working. The same error is still there.

EDIT: sudoers file

```
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

ortega ALL=(ALL) NOPASSWD: /home/usr/path/transmit_ckpnt.sh
# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
```
  • The solution in that unix.se question allows you to run the script with sudo, but without requiring a password. When you tested it, did you use sudo? Commented Nov 5, 2020 at 6:40
  • @GordonDavisson Yes, I've tested it with sudo. Then I have to enter the password to make it work. Without sudo it didn't work correctly; it gave the same error for the protected file.
    – ram
    Commented Nov 5, 2020 at 7:20
  • In theory, you could use a setuid script. This is like pointing a loaded cannon towards your house and hoping nobody pulls the trigger.
    – tripleee
    Commented Nov 5, 2020 at 7:56
  • @ram I think you copied that sudoers entry too literally -- the "ortega" part is the username that's allowed to use that entry, so if that's not your username it won't have any effect. Change it to the username that backups will be run from. Commented Nov 5, 2020 at 14:19
  • If you do not have root access, then I don't think it's possible. I encountered the same problem some time ago: I used rsync with public key authentication and was running everything as root using sudo -i, and only then did it work. It never prompted for a password when sending permission-protected files, as I was running as root. Try this if you have root access.
    – y_159
    Commented Dec 29, 2020 at 14:07

2 Answers


You have a few options:

  1. Set up a root crontab job to do a chown (have root do a job periodically)
  2. Use docker privilege escalation to chmod your file in a container with a mounted volume.
  3. Devise a non-root task equivalent to the root one you are doing

1. Root crontab

A crontab schedules command execution at a specified time or time interval. Here you could create a root crontab with the command sudo crontab -u root -e. This will open an editor for you to write your crontab: best practices

2. Docker privilege escalation

This method requires either already being root or being part of a machine's docker group. As a non-root user who is a member of the docker group you have the ability to mount any directory as a volume within a docker container. Within the container you are root, and changes you make to the mounted volume will persist. Simply chmod the file in the container.

File Permissions

Password-less rsync

  • The rsync command supports using ssh-keys, which allow you to log into other machines password-less after a quick one-time key exchange.

If you cannot chown or chmod a file because of a permission error, that is because a user with more permissions than you (root) will need to help you change the file permissions.

  • I have to do this repeatedly, which is why I want to automate this and don't want to be prompted every time for password input. Even if I use chmod every time before rsync, I still have to enter the password. Is there any way I can do chmod without entering a password? I think it comes back again to this question.
    – ram
    Commented Nov 5, 2020 at 7:24
  • I've updated the post to expand on a crontab approach to get root to periodically do a task requiring root and a docker approach which to be honest, is a bit of a hack, but could be made as part of a script
    – Lenna
    Commented Nov 5, 2020 at 13:07
  • crontab will run the task at startup; my problem deals with a period of 50ms, i.e. a new folder is added to a specific folder periodically and it contains a file for which rsync throws the above error.
    – ram
    Commented Nov 5, 2020 at 13:14
  • A crontab could execute as frequently as once a minute. The docker volume mount is simply one command and could be executed wherever/whenever you’d like
    – Lenna
    Commented Nov 5, 2020 at 13:29

I use this Sudoless no password bash script

1. Open the /etc/sudoers file (as root, of course!) by running:
sudo nano /etc/sudoers

2. At the end of the /etc/sudoers file add this line:
username ALL=(ALL) NOPASSWD:ALL
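
A NOPASSWD rule is only as narrow as its command list and the permissions on the file it names. The following is an added example, not code from any of the posts above; `audit_nopasswd` and `path_locked` are hypothetical helper names. It reads a sudoers-format file and reports, for each NOPASSWD command, whether the rule is unrestricted or points at a path that someone other than the trusted owner could replace.

```shell
#!/bin/sh
# Added example: audit NOPASSWD rules in a sudoers-format file (read-only).
# Limits: no alias expansion, line continuations or #includedir handling.

# path_locked PATH OWNER: succeed only if PATH and its directory exist, are
# owned by OWNER, and are neither group- nor world-writable.
path_locked() {
    for p in "$1" "$(dirname "$1")"; do
        [ -e "$p" ] || return 1
        # find prints the path when ownership or write bits are wrong
        bad=$(find "$p" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \)) || return 1
        [ -z "$bad" ] || return 1
    done
}

# audit_nopasswd FILE [OWNER]: print "user command verdict" for every
# command granted with NOPASSWD. OWNER defaults to root.
audit_nopasswd() {
    awk '
        /^[ \t]*#/ { next }                      # comments
        /NOPASSWD[ \t]*:/ {
            user = $1
            sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "")  # keep the command list
            n = split($0, cmd, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(cmd[i], w, /[ \t]+/)       # drop arguments
                print user, w[1]
            }
        }' "$1" |
    while read -r user cmd; do
        if [ "$cmd" = "ALL" ]; then
            verdict=UNRESTRICTED                 # any command, no password
        elif path_locked "$cmd" "${2:-root}"; then
            verdict=OK
        else
            verdict=UNSAFE-PATH                  # missing, wrong owner, or group/world-writable
        fi
        printf '%s %s %s\n' "$user" "$cmd" "$verdict"
    done
}

# Constructed demo input: the two NOPASSWD lines quoted on this page.
demo=$(mktemp)
printf '%s\n' \
    'ortega ALL=(ALL) NOPASSWD: /home/usr/path/transmit_ckpnt.sh' \
    'username ALL=(ALL) NOPASSWD:ALL' > "$demo"
audit_nopasswd "$demo"
rm -f "$demo"
```

On a real host the check is meaningful when run as root against /etc/sudoers and the files in /etc/sudoers.d; any edit made afterwards can be syntax-checked with `visudo -c`.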
