19

I am writing a Java application where i need to do a command line execution and get a result back, but when i execute the command, it ask for sudo password. So far i tried:

$ sudo -s
$ vim /etc/sudoers
# User privilege specification
root         ALL=(ALL:ALL) NOPASSWD: ALL
javauser     ALL=(ALL:ALL) NOPASSWD: ALL

:wq
$ 4 -r--r-----   1 root root     615 2011-10-26 09:23 sudoers

Once i execute the command it again asks "[javauser] password for javauser:". But i already mentioned noPASSWD.

whoami returns alex and I am adding it as this in the sudoers file

# User privilege specification
root    ALL=(ALL:ALL) ALL
alex ALL=NOPASSWD: ALL


# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Running keeps asking me for my password, any ideas?

muru
  • 193,181
  • 53
  • 473
  • 722
  • Looks like there's a very similar question already: http://askubuntu.com/questions/39281/how-to-run-an-application-using-sudo-without-a-password - have you tried the answer from there? – Sergey Oct 26 '11 at 08:06
  • Make sure that in your java code you use "sudo /absolute/path/to/command" in your system call. Btw. for security reasons you should use `sudo visudo` instead of `vim` to edit the sudoers file. That way if you make a mistake the program warns you about it. – con-f-use Oct 26 '11 at 08:08
  • Can be found here what exactly i tried: https://gist.github.com/1315951 –  Oct 26 '11 at 10:29

2 Answers2

32

You need to do the following, on the terminal type sudo visudo and add a line like this at the end of the file specifying the commands you want to run without typing the sudo password (I suggest you use each command you want to use in the program and not just allow all programs to be executed by this)

<yourusername> ALL=NOPASSWD: <command1>, <command2>

Now you can run the specified commands without password as long as you type that command with sudo.

ie: lets say you want to run shutdown -r now without having to type sudo password every time and your username is 'joedoe'

  1. type sudo visudo on a terminal

  2. Add joedoe ALL=NOPASSWD: /usr/sbin/shutdown -r now as a new line at the end of the file, use absolute paths to the program you are trying to use.

  3. on your program you can then use sudo shutdown -r now without having to type the sudo password.

You can find the absolute path to a program by using which <program name> on a terminal.

Its a very dirty trick wish leaves your system open for other dangers but I am guessing you know what you are doing and want this.

Edit

You really need to make sure that the permitions you are setting are at the end of the file so that nothing is overwritten by the groups permissions.

Bruno Pereira
  • 72,895
  • 33
  • 199
  • 223
  • Seems like he already did that. – con-f-use Oct 26 '11 at 08:11
  • If he already did that why are you explaining him that he should use `sudo visudo` and not `vim` to edit the sudoers file? If he did this it would work. – Bruno Pereira Oct 26 '11 at 08:15
  • 1
    @goOgle are you typing `sudo` in front of the the command inside your code? you need to do it even if you forced nopasswd in sudoers file. ie: use `sudo ` not only ``. – Bruno Pereira Oct 26 '11 at 08:39
  • @goOgle if that fails specify which user is trying to run the command with `sudo -u `. – Bruno Pereira Oct 26 '11 at 08:41
  • @goOgle can you please write down the line you are adding to the sudoers file? (the complete thing). – Bruno Pereira Oct 26 '11 at 08:42
  • @goOgle and the username of the user is `user`? Whats the username's for the user? – Bruno Pereira Oct 26 '11 at 09:14
  • then the line has to be `alex ALL=NOPASSWD: ALL` – Bruno Pereira Oct 26 '11 at 09:36
  • the first word is that line is your system username, find that by typing `whoami` on a terminal, after that the line has to be "username_as_found_with_`whoami` ALL=NOPASSWD: ALL" – Bruno Pereira Oct 26 '11 at 09:39
  • ie, my full username is "Bruno Pereira", my system username returned by `whoami` is `bruno`, to allow me to have sudo permissions I would add `bruno ALL=NOPASSWD: ALL` to the end of the sudoers file and after that I would be able to use any command with admin privileges using `sudo ` – Bruno Pereira Oct 26 '11 at 09:42
  • @brunopereira81: Yes, you are correct. I did exactly my name is Alex Derdelincks, my system username is "alex". And i have "alex ALL=NOPASSWD: ALL". But still not working. –  Oct 26 '11 at 09:53
  • running the command from a terminal works? `sudo convert /tmp/testing.tiff /tmp/testing.jpg` runs with no faults? – Bruno Pereira Oct 26 '11 at 09:54
  • Can you also give us the part of the code that executes the command inside your java program? I'm trying to reproduce it as good as possible. – Bruno Pereira Oct 26 '11 at 10:05
  • Just tested, your class works great on my system, `sudo reboot` as `cmd` took me straight out. Just a silly thing if you use `whoami` as `cmd`, what is the output? – Bruno Pereira Oct 26 '11 at 10:37
  • 1
    For me cmd="whoami" returns `bruno` and cmd=`"sudo whoami`" returns `root` – Bruno Pereira Oct 26 '11 at 10:42
  • 3
    Found it! Can reproduce this if my line is not on the end to the end of the `sudoers` the file. After the groups assignment, etc. Really the last line! Move the line to be the last one in the file! (hope this was it). – Bruno Pereira Oct 26 '11 at 12:18
  • @brunopereira81 First of all, chill bro an watch your language. Second, I explained it, because he used `vim` instead of `visudo` which as you know works just as well but is riskier. The main purpose of my comment was to check if he used `sudo command` in his java code or nust `command` just to rule out a stupid mistake. – con-f-use Oct 26 '11 at 12:30
  • @con-f-use dont know what you are talking about, was not even rude, was just explaining that the same way you think `vim` editing can create problems instead of using `visudo` I think that if he did not follow the correct steps to make this work it wont work. I gave a good, use full answer and I am trying to help the person that asked it, without this all question and answer thing I could not even reproduce the fault. I think its just sad to flag down answers just because you dont think they will work. It works, I just need more information about whats happening. – Bruno Pereira Oct 26 '11 at 12:35
  • @goOgle let us know when you tested it plz, I have edited the question to include the information supplied here in the comments. – Bruno Pereira Oct 26 '11 at 13:35
  • @brunopereira81: Just to explain: In its first revision your answer was worthless, since it was obvious from the shell-session he posted, that he already did, what you wrote in revision 1 (except for the visudo). Now the answer is usefull because it contains the 'has to be in last line' information that turned out to be goOgle's mistake. Now I upvoted your answer. And your tone was a bit rude, because you complained about me repeating the visudo stuff complete ignoring the real message of my comment, which was: 'Sure you [goOgle] put sudo and the full path to the command in your java-code?' – con-f-use Oct 26 '11 at 14:19
  • @con-f-use my first version of the answer has all the content from this one except the part in bold (`at the end of the file`) and the edit to make sure that the user got that part right, nothing else has changed, its still the same answer, its still the same content. The only thing different is that now we might really know what the user can be doing wrong and show him how to fix it. "it was obvious from the shell-session he posted, that he already did, what you wrote in revision 1" < this is not true, the expression that I think will solve the question was there since rev1. – Bruno Pereira Oct 26 '11 at 14:23
  • @con-f-use If this actually was the issue the user problem following the steps on the answer (yes yes even rev1) could solve his issue. All the edits only show where the problem might be based on the information the user gave, that does not mean that the user followed **exactly** the answer, that does not mean the answer was wrong. I dont see the issue here, really. Sorry – Bruno Pereira Oct 26 '11 at 14:25
  • @con-f-use the reason I think your downvote was sad is that you assumed that the answer would not help the user and that the user was already using the answer steps so the answer was useless, that's not true, you cant assume that based on his info, the answer is correct, lets help the user see what are the steps necessary and sort out what is wrong with it. And then telling me to chill on my language? I didn't say anything wrong to you, and I dont mean to, really. Can we please just agree that there might be something wrong with the user way of setting up things and the answer was good? – Bruno Pereira Oct 26 '11 at 14:33
  • @con-f-use Don't take things so seriously, in the end we are just trying to help. Now, lets grab a beer or something, I'm tired of chatting! <3 – Bruno Pereira Oct 26 '11 at 14:36
  • [solved] Thanks a lot works. see: https://gist.github.com/1316606 –  Oct 26 '11 at 14:58
  • @goOgle glad it helped, sorry for the huge amount of comments up and down but at least its solved. anything else ask! gl, hf – Bruno Pereira Oct 26 '11 at 15:02
  • I added `christoph ALL=NOPASSWD: /bin/mount` to the file and `whoami` definitely returns `christoph` but if I type in `sudo mount` or `sudo /bin/mount` (without any parameters, just to test it) I'm prompted for my password. I tried restarting. I'm using Ubuntu 15.04. – UTF-8 Sep 06 '15 at 01:02
1

I was able to enable poweroff (normally a sudoer command) in an ssh prompt for non-sudoers, by, as a sudoer, adding the +s flag to the command executable. Like so:

sudo chmod a+s /usr/sbin/poweroff

After this, non-sudoers were be able to power off the system, over ssh, or even via a shell script running in their name.

jorisw
  • 111
  • 4