Score:1

Allow user to run specific commands

How do I enable a user to run specific sudo commands without the need to type a password?

I already tried the following:

I have a script /usr/local/bin/perform-update with the rights -rwxr-xr-x 1 root root:

#!/bin/bash

sudo apt-get update
sudo apt-get -y dist-upgrade
sudo apt-get -y autoremove
sudo snap refresh

I also have a user john that is part of sudoers. He can execute the command by typing perform-update, but he will need to type a password. To stop his need for typing his password with this command I tried adding a new line using sudo visudo:

john    ALL=(ALL) NOPASSWD: /usr/local/bin/perform-update

But the user still needs to enter a password when calling the command perform-update. So I added all the necessary apt and snap commands using sudo visudo:

john    ALL=(ALL) NOPASSWD: /usr/bin/apt update, /usr/bin/apt -y dist-upgrade, /usr/bin/apt -y autoremove, /usr/bin/snap refresh

But the user still needs to enter a password when calling the command perform-update.

What do I need to do so that he does not have to enter any password when executing perform-update?

Edit 1:

Based on the answers of @waltinator and @terdon I updated the following.

/usr/local/bin/perform-update:

#!/bin/bash

sudo apt update
sudo apt -y dist-upgrade
sudo apt -y autoremove
sudo snap refresh

sudo visudo:

john    ALL=(ALL) NOPASSWD: /usr/local/bin/perform-update
john    ALL=(ALL) NOPASSWD: /usr/bin/apt update, /usr/bin/apt -y dist-upgrade, /usr/bin/apt -y autoremove, /usr/bin/snap refresh

Unfortunately I am still asked for the password when I call perform-update as user john. Where is the error in visudo?

waltinator
Either put the `sudo ...` commands in your `perform-update` script; OR add to `~john/.bashrc`: `alias perform-update="sudo $(type -p perform-update)"`. You may have to add `perform-update` to your `sudoers` file. Suggestion: Reread `man sudoers`, and combine the allowed commands into a "Command list", which makes future `sudoers` management easier.
user535733
Ubuntu systems are designed to avoid the need for such update scripts. Apt's Unattended Upgrades runs twice daily already, and snapd checks for updates four times daily. All in the background, all as root, regardless of who is logged in.
terdon
@waltinator I think you have misread the question. The OP already has the `sudo` commands in their `perform-update` script, they have already added `perform-update` to `sudoers`, and they are already using a "Command list".
terdon
You are using `apt-get` in the script, but have `apt` in `sudoers`. Does it work as expected if you use the same command in both? Either change the script or the sudoers file but make sure they are referring to the same command and let us know if that works (or just post it as an answer, if it does).
Socrates
Thanks for your replies. Unfortunately I am still asked to type the password when calling `perform-update` as user john. I just updated the post and added **Edit 1**.
muru
What is the output of `sudo -l` when running as user `john`? How exactly are you running the `perform-update` script?
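
terdon's comment above points at a mismatch between the commands the script runs (`apt-get`) and the commands listed in `sudoers` (`apt`). The following is an added example, not code from the thread, that checks this statically for the question's script and `NOPASSWD` line. The binary locations in `PATHS` are assumed, and `sudoers` wildcards, aliases and `\,` escapes are not handled.

```python
# Constructed inputs, copied from the question's first attempt.
SCRIPT = """#!/bin/bash
sudo apt-get update
sudo apt-get -y dist-upgrade
sudo apt-get -y autoremove
sudo snap refresh
"""
SUDOERS = ("john    ALL=(ALL) NOPASSWD: /usr/bin/apt update, "
           "/usr/bin/apt -y dist-upgrade, /usr/bin/apt -y autoremove, "
           "/usr/bin/snap refresh")

# Assumed binary locations (what `type -p <name>` would print on the host).
PATHS = {"apt": "/usr/bin/apt", "apt-get": "/usr/bin/apt-get",
         "snap": "/usr/bin/snap"}


def nopasswd_commands(sudoers_line):
    """Return the set of (path, args) pairs listed after NOPASSWD:."""
    spec = sudoers_line.split("NOPASSWD:", 1)[1]
    allowed = set()
    for entry in spec.split(","):
        words = entry.split()
        allowed.add((words[0], tuple(words[1:])))
    return allowed


def sudo_calls(script):
    """Yield (path, args) for every `sudo <command> ...` line of the script."""
    for line in script.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "sudo":
            yield PATHS.get(words[1], words[1]), tuple(words[2:])


def is_allowed(call, allowed):
    path, args = call
    # A sudoers entry without arguments permits any arguments; an entry
    # with arguments must match the invocation's argument list exactly.
    return (path, ()) in allowed or (path, args) in allowed


def uncovered(script, sudoers_line):
    """List the sudo invocations that the NOPASSWD command list does not cover."""
    allowed = nopasswd_commands(sudoers_line)
    return [" ".join((p, *a)) for p, a in sudo_calls(script)
            if not is_allowed((p, a), allowed)]


if __name__ == "__main__":
    for cmd in uncovered(SCRIPT, SUDOERS):
        print("would prompt for a password:", cmd)
```

With the Edit 1 script (`apt` in both places) the function returns an empty list, so the command list itself no longer differs from the script; the `sudo -l` output muru asks for shows which rules sudo lists for `john`.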