Run the following command to create and edit your own sudo customization file: sudo visudo -f /etc/sudoers.d/customizations
#Run sudo without password update
This way, you will not run into problems when an update to the original sudo package wants to change the original /etc/sudoers file and the package manager notices conflicting edits done by you. then it is a best practice to add your configuration in its own separate file within the /etc/sudoers.d/ directory, e.g.
#Run sudo without password full
Let's assume you want all sudo users (i.e., Unix users which are members of the Unix group sudo) to run the following commands as superuser ( root) without having to enter their passwords:įirst find out the executable's full path using which: The answer mentioning to set a host confused me, as I want to be able to have a sudo user be able to run privileged commands without requiring to consider such "host aspect" any host should work, hence I use the special ALL reserved word. Pkexec chmod 0440 /etc/sudoers.d/shutdown Use pkexec like this to fix ownership and permissions: pkexec chown root:root /etc/sudoers.d/shutdown r-r- 1 root root 86 Jul 16 15:37 /etc/sudoers.d/shutdown The correct permissions should be like this: $ ls -l /etc/sudoers.d/shutdown If the ownership and/or permissions are incorrect for any sudoers file, the file will be ignored by sudo so you might also find yourself locked out in this situation. To fix /etc/sudoers.d/shutdown: pkexec visudo -f /etc/sudoers.d/shutdown The solution could be to fix the files using pkexec which is an alternative to sudo.
If you did not use visudo to edit your files and then accidentally messed up /etc/sudoers or messed up a file in /etc/sudoers.d then you will be locked out of sudo. This also automatically ensures that the owner and permissions of the new file is set correctly. Note: Again, you should use the command visudo to edit the file to make sure you do not lock yourself out of the system: sudo visudo -f /etc/sudoers.d/shutdown This is an elegant way of separating different changes to the sudo rights and also leaves the original sudoers file untouched for easier upgrades. Using /etc/sudoers.d instead of modifying /etc/sudoersĪs an alternative to editing the /etc/sudoers file, you could add the two lines to a new file in /etc/sudoers.d e.g.
visudo will save your modified file to a temporary location and will only overwrite the real sudoers file if the modified file can be parsed without errors. Note: Always use the command visudo to edit the sudoers file to make sure you do not lock yourself out of the system – just in case you accidentally write something incorrect to the sudoers file. In the following example, the user user can run any command in the directory /home/someuser/bin/: user host = (root) NOPASSWD: /home/someuser/bin/ If the command ends with a trailing / character and points to a directory, the user will be able to run any command in that directory (but not in any sub-directories therein). Providing a relative path is considered a syntax error. using the absolute path to the command to run) as described in the sudoers man page.
The commands specified in the sudoers file must be fully qualified (i.e. All other sudoed commands will still require a password. This will allow the user user to run the desired commands on host without entering a password. User host = (root) NOPASSWD: /sbin/reboot If your user is called user and your host is called host you could add these lines to /etc/sudoers: user host = (root) NOPASSWD: /sbin/shutdown You can use the NOPASSWD directive in your /etc/sudoers file.
0 kommentar(er)
