Score:0

Sudo asks for a password for an app even if it was entered with the NOPASSWD option via visudo

mx flag

First of all, I have succeeded in eliminating the sudo password for all apps simply: I created a new file in /etc/sudoers.d with sudo visudo -f /etc/sudors.myfile containing the line:

ghegheg ALL= NOPASSWD: ALL

It works well for all non-ssh apps. But for security reasons I want to skip the sudo password only for the amdgpu-pro-fans.sh app installed in /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh, but it does not work. I put this line in myfile:

ghegheg ALL= NOPASSWD: /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh

but after typing the command /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh -s 50 it asks for the sudo password. I tried the same thing with other apps, like visudo,

ghegheg ALL= NOPASSWD: /usr/sbin/visudo /sbin/visudo

and they likewise asked for the sudo password, whereas previously with NOPASSWD: ALL they didn't ask for any password. I don't know what to do! Below is the output of the sudo -l command:

User ghegheg may run the following commands on ...
    (ALL : ALL) ALL
    (root) NOPASSWD: /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh
hr flag
When you type the command `/home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh -s 50`, sudo isn't involved at all - unless something *inside* the script invokes other commands via `sudo`?
Mitu Gabriel avatar
mx flag
Indeed, the script contains ```sudo chown``` and ```sudo echo```, which cannot be modified to avoid the sudo password; maybe it is not recommended to do so. Here is the script: ```https://github.com/DominiLux/amdgpu-pro-fans/blob/master/amdgpu-pro-fans.sh```. I want to run this script on i3 at launch, but it cannot run because it asks for the password. I don't know what to do.
hr flag
So what happens when you type `sudo /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh -s 50`? The `sudo`s inside the script should not need passwords since the UID will already be 0.
Mitu Gabriel avatar
mx flag
I deleted sudo before the chown and echo commands and it gives me the following error:
```
chown: changing ownership of '/sys/class/drm/card0/device/hwmon/hwmon4/pwm1_enable': Operation not permitted
chown: changing ownership of '/sys/class/drm/card0/device/hwmon/hwmon4/pwm1': Operation not permitted
/home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh: line 63: /sys/class/drm/card0/device/hwmon/hwmon4/pwm1_enable: Permission denied
/home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh: line 64: /sys/class/drm/card0/device/hwmon/hwmon4/pwm1: Permission denied
```
Score:0
in flag

I believe sudo reads permissions top to bottom and stops as soon as it finds a match. Based on the output from sudo -l above, ghegheg is part of a group that matches an earlier permission rule that grants sudo access with the rule (ALL : ALL) ALL, therefore it is prompting you for a password. Either remove ghegheg from the earlier match, or rearrange the rules so it matches your NOPASSWD: rule first.

Mitu Gabriel avatar
mx flag
The permission is written separately in a file at ```/etc/sudors.d/myfile```, so I don't think this matters. But, indeed, the app is a script that contains ```sudo chown``` and ```sudo echo```. I want to write something like ```exec --no-startup-id /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh -s 50``` in the i3 config file to apply these settings after the PC starts, but i3 doesn't see this line; perhaps it needs the user password, I don't know. I have to run the script manually.
Mitu Gabriel avatar
mx flag
This is the script: link(https://github.com/DominiLux/amdgpu-pro-fans/blob/master/amdgpu-pro-fans.sh)
Luke Attard avatar
in flag
When sudo is run, it appends the extra files onto the main sudoers file, then reads in the permissions. This is similar to most Linux system apps, and is why you see that a lot of drop-in files have a number prefix in their file name, to ensure the files are read in the correct order.
Luke Attard avatar
in flag
If you run "sudo bash", does it ask for a password? If it does not, one way, and normally I would not recommend this, is to add a line at the top of your script, 'sudo bash < " ' (note the " after <), then close the string at the end with a ". It will then start a shell as root at the start of your script and pass the rest of the script as a string to the shell created, so all the commands will be run as root. But this is a hack at best, and is not recommended as a permanent solution.
Mitu Gabriel avatar
mx flag
Unfortunately ```sudo bash``` asks me for a password. Otherwise it is a good idea to start the script in a shell as root, but I don't know how. I have even tried what you said, but unfortunately without success, maybe because ```sudo bash``` asked for a password. I don't know.
Luke Attard avatar
in flag
If sudo bash asks for a password, it won't work unless you pass the password to the script.
Luke Attard avatar
in flag
"in rest it is a good idea to start script into shell as root, but I don't know how, " To start a root shell, run "sudo bash", enter the password, and you will be in a root shell. "su" is another way to enter a root shell.
Luke Attard avatar
in flag
I just had another look at your script. Can you try, in the sudoers file you created, '/etc/sudors.myfile', changing the line for your permissions to:

ghegheg ALL= NOPASSWD: /home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh /usr/bin/bash /usr/bin/env

The reason for the change is that the first line in your script instructs the shell to run your script with /usr/bin/env, and it also has bash as an argument, so I am assuming it uses the bash shell. You need to have NOPASSWD permissions for both these programs/scripts for it to run without prompting you for a password.
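
The rule matching that the question's comments and the answer above discuss, as an added example that is not part of the original thread: a simplified shell model of sudoers evaluation, in which entries apply in order and the last matching entry is used (as the sudoers manual states). The function name `sudo_verdict`, the `/usr/bin/chown` path and the `ghegheg` owner argument are assumptions for illustration.

```shell
# Added example: simplified model of how sudo picks a sudoers entry.
# Assumptions: entries are in `sudo -l` form, commands are full paths,
# no wildcards/aliases/digests, and the (runas) part is ignored.
# Prints one of: nopasswd | passwd | denied
sudo_verdict() {
    rules=$1; shift
    cmdline=$*                 # e.g. "/usr/bin/chown ghegheg /sys/.../pwm1"
    path=${cmdline%% *}        # command without its arguments
    verdict=denied
    old_ifs=$IFS
    set -f                     # no globbing while splitting command lists
    while IFS= read -r entry; do
        spec=${entry#*") "}    # drop the "(runas)" prefix
        tag=passwd
        case $spec in
            NOPASSWD:*) tag=nopasswd; spec=${spec#NOPASSWD:} ;;
            PASSWD:*)   spec=${spec#PASSWD:} ;;
        esac
        IFS=,
        for c in $spec; do
            c=$(printf '%s' "$c" | sed 's/^ *//; s/ *$//')
            case $c in
                # ALL, a bare path (any arguments), or an exact command line;
                # a later matching entry overrides an earlier one
                ALL|"$path"|"$cmdline") verdict=$tag ;;
            esac
        done
        IFS=$old_ifs
    done <<EOF
$rules
EOF
    set +f
    printf '%s\n' "$verdict"
}

# Constructed sample: the two entries from the `sudo -l` output in the question.
FAN=/home/ghegheg/Install/amdgpu-pro-fans/amdgpu-pro-fans.sh
PAGE_RULES="    (ALL : ALL) ALL
    (root) NOPASSWD: $FAN"

# `sudo $FAN -s 50`: the NOPASSWD entry is the last one that matches.
sudo_verdict "$PAGE_RULES" "$FAN" -s 50
# A `sudo chown` issued from inside the unprivileged script matches only ALL
# (chown path and owner argument are assumed for illustration).
sudo_verdict "$PAGE_RULES" /usr/bin/chown ghegheg /sys/class/drm/card0/device/hwmon/hwmon4/pwm1
```

The model separates the two invocations in the thread: the script itself run through `sudo` falls under the NOPASSWD entry, while each `sudo chown` or `sudo echo` started by the script without `sudo` is matched only by the password-requiring `ALL` entry.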