Use sudo without password INSIDE a script

Nilexys · Aug 9, 2014 · Viewed 94k times

For some reason I need, as a user, to run a script script.sh without sudo, even though it needs root privileges to work.
The only solution I saw was to put sudo INSIDE script.sh. Let's take an example:

script.sh :

#!/bin/sh
sudo apt-get update

Of course, if I execute this script, I get a prompt asking me for a password. Then I added to my sudoers file (at the end to override everything else) :

user ALL=(ALL:ALL) NOPASSWD:/path/to/script.sh

By the way, I also tried the line :

user ALL=(ALL) NOPASSWD:/path/to/script.sh

(I think I didn't fully understand the difference)

But this doesn't solve my problem if I don't use sudo to execute this script :

# ./script.sh
[sudo] password for user: 
# sudo ./script.sh
Starts updating...

Well, so I say to myself "Ok, that means that if I have a file referred to in sudoers as I did, it will work without a prompt only if I call it with sudo, which is not what I want".
So, ok, I create another script script2.sh as follows:

script2.sh

#!/bin/sh
sudo /path/to/script.sh

In fact it works. But I am not truly satisfied with this solution, particularly by the fact that I have to use 2 scripts for every command.

This post is then for helping people who have this problem and are searching for the same solution (I didn't find a good post on it), and perhaps to get better solutions from you guys.

Feel free to share your ideas !


EDIT 1 :

I want to insist on the fact that this "apt-get update" was just an example FAR from what my script actually is. My script has a lot of commands (with some cd to root-access-only config files), and the solution can't be "Well, just do it directly with apt-get".

The principle of an example is to help the understanding, not to be an excuse to simplify the answer to the general problem.

Answer

John1024 · Aug 9, 2014

If you want to run sudo /usr/bin/apt-get update without a password, you need to have the sudoers entry:

user ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get update

For the larger issue of the script as a whole, there are two possible approaches:

Approach 1

For each command in the script that needs sudo, create a line in sudoers specifically for that command. In this case, the script can be called normally:

./script1.sh

Approach 2

Place a line in sudoers for the script as a whole. When this is done, the individual commands do not need sudo. However, sudo must be used to start the script as in:

sudo ./script.sh
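
With Approach 2, the NOPASSWD rule grants root to whatever file sits at the listed path, so the script and its directory must not be modifiable by the invoking user. The check below is an added example, not part of the answer above; the function names (`check_nopasswd_target` and its helpers) are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pre-flight check for a script
# that is about to be listed in a NOPASSWD sudoers rule.
# Usage: check_nopasswd_target /path/to/script.sh [owner_uid]  (default uid 0)

# Print "<owner-uid> <mode-string>" for a path, parsed from POSIX `ls -ldn`.
_owner_and_mode() {
    ls -ldn "$1" 2>/dev/null | awk '{ print $3, $1 }'
}

# Succeed only if the path has the expected owner and no group/other write bit.
# A symlink shows as lrwxrwxrwx and is therefore rejected (fail closed).
_is_locked_down() {
    info=$(_owner_and_mode "$1")
    [ -n "$info" ] || return 1
    owner=${info%% *}
    mode=${info#* }
    [ "$owner" = "$2" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # 6th char = group w, 9th = other w
    esac
    return 0
}

check_nopasswd_target() {
    target=$1
    uid=${2:-0}
    # The sudoers rule names an absolute path, so require one here too.
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target" >&2; return 1 ;;
    esac
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 1; }
    # Anyone who can rewrite the file runs arbitrary code as root.
    _is_locked_down "$target" "$uid" ||
        { echo "unsafe owner or mode on file: $target" >&2; return 1; }
    # Anyone who can write the directory can replace the file.
    _is_locked_down "$(dirname "$target")" "$uid" ||
        { echo "unsafe owner or mode on directory of: $target" >&2; return 1; }
    return 0
}
```

Run the check before installing the rule, and validate the sudoers file itself with `visudo -c`.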