I need to run something as sudo without a password, so I used visudo and added this to my sudoers file:
MYUSERNAME ALL = NOPASSWD: /path/to/my/program
Then I tried it out:
$ sudo /path/to/my/program
[sudo] password for MYUSERNAME:
asked Aug 16, 2011 at 10:29
97 gold badges249 silver badges348 bronze badges
If there are multiple matching entries in /etc/sudoers, sudo uses the last one. Therefore, if you can execute any command with a password prompt, and you want to be able to execute a particular command without a password prompt, you need the exception last.
myusername ALL = (ALL) ALL
myusername ALL = (root) NOPASSWD: /path/to/my/program
answered May 12, 2011 at 11:36
Having done that, sudo will prompt for a password normally for all commands except /path/to/my/program, which it will always let you run without asking for your password.
answered Aug 16, 2011 at 11:32
Warren Young
16 gold badges177 silver badges168 bronze badges
How do I run a .sh script with root privileges from Ubuntu’s cmd? Some scripts require to enter the password. I watn to avoid this.
11 silver badges19 bronze badges
asked Aug 3, 2009 at 13:22
If security is a concern, I wouldn’t do this as has been mentioned.
Better would be to use visudo to edit the sudoers file, and edit all the commands that the script uses that need to be root. So, the whole script doesn’t need to be root, but maybe shutdown does (contrived example), so:
And then, in the scipt:
sudo /sbin/shutdown
answered Aug 3, 2009 at 13:47
Kyle Brandt
74 gold badges305 silver badges446 bronze badges
Do you mean a command inside the script is asking for a password, or that you just want to run it once with a password at launch, or that you have a script that’s automated to run and is pausing for a password?
I normally launch with sudo from the command prompt and it uses root privileges, but otherwise you may have to muck with the sudoer’s file in /etc to apply «nopasswd» to the command or script you’re using.
answered Aug 3, 2009 at 13:46
Bart Silverstrim
9 gold badges66 silver badges87 bronze badges
%cdrom ALL = NOPASSWD: /usr/bin/k3b
This is not a good practice for shell scripts unless you are running an application like tripwire that will detect changes to the script.
answered Aug 3, 2009 at 13:27
4 gold badges31 silver badges39 bronze badges
As other’s have advised: be carefull
user@prompt>sudo su -
password: xXxXxXx
root@prompt>
answered Aug 3, 2009 at 16:44
11 silver badges19 bronze badges
See the manpage.
answered Aug 3, 2009 at 13:27
1 gold badge22 silver badges16 bronze badges
This is my simple bash:
cat test.sh
#!/bin/bash
echo "hello"
su - root -c /path/to/script.sh <<EOF
password
EOF
whoami
echo "good bye"
But I get this error:
./test.sh
hello
su: must be run from a terminal
<current-user>
good bye
cat test2.sh
#!/bin/bash
echo "hello"
sudo su <<EOF
password
EOF
whoami
echo "good bye"
Again another error
cat test3.sh
#!/bin/bash
echo "hello"
su root <<EOF
password
EOF
whoami
echo "good bye"
when I try:
#!/bin/bash
echo "hello"
sudo -s <<EOF
<password>
echo Now I am root
id
echo "yes!"
EOF
whoami
echo "good bye"
Then the output is:
./script.sh
hello
[sudo] password for <user>:
I also changed my script to:
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for user:"
send -- "password\r"
expect eof
and output is:
spawn sudo -s <<EOF
[sudo] password for user:
/bin/bash: <<EOF: command not found
Also which sh output is /bin/sh
How can I resolve the error in these three scripts?
asked Feb 18, 2014 at 17:45
7 gold badges21 silver badges28 bronze badges
You can pipe the password and send it in the command inside the script.
echo "password" | sudo -S
But it is not a good idea to send the password in the command line. If you need more information on how to login as root from the script, you can look at the answer provided here.
However, if it is for experimental purposes, we can use the expect to enter the password from command line. The script needs be modified like below.
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for username:"
send -- "user-password\r"
expect eof
The last line is needed since we need to press the Enter after inputting the password. As Tian suggested, it is not a good idea to send the root password in the shell script.
answered Feb 18, 2014 at 17:48
43 gold badges140 silver badges215 bronze badges
Embedding the root password in the script isn’t a good idea, from a security point of view, this is probably why su attempts to get it initially from a terminal.
answered Feb 18, 2014 at 17:58
X Tian
2 gold badges33 silver badges48 bronze badges
I GOT ANSWER FROM here
However, now that you are aware of the risks, it is possible to use sudo -kS to have sudo read the password from stdin:
sudo -kSs << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF
answered Feb 18, 2014 at 19:35
7 gold badges21 silver badges28 bronze badges
Have You tried /etc/sudoers?
your_user ALL=(ALL) NOPASSWD: /path/to/script.sh
(edit with: sudoedit /etc/sudoers)
then, You will be able to run:
sudo /path/to/script without password
answered Nov 3, 2014 at 2:00
This article explains how to run a command or script at startup / boot as root on Linux, in two ways: using systemd or a cron job.
To use systemd to run a command or script as root when your computer boots, create a file (as root) called (replace with whatever you want to call it) in .
We can use Nano command line text editor to open / create this file:
sudo nano /etc/systemd/system/mycommand.service[Unit][Service][Install]
WantedBy=multi-user.targetHere, change the value to describe what this does, and the value to the command or path of the script you want to run as root on startup. Don’t add at the beginning of the command or script, because it runs as root anyway.
Now save the file and exit Nano. In case you’re not familiar with Nano text editor, you can save the file by pressing Ctrl + o, then . Exit by pressing Ctrl + x.
sudo systemctl enable mycommand.serviceRemember to replace with the actual filename you’ve used for this systemd service file. There’s no need to run the systemd service right now, since this is about running it on boot.
If you use this to run a script, make sure to make the script executable (chmod +x /path/to/script) or else it won’t run.
You might also like: How To Launch Startup Applications With A Delay
How to use a cron job to run a command or script as root on startup / boot
sudo crontab -e@reboot /path/to/command/or/scriptNow save the crontab and exit. If you’ve used Nano command line editor to edit it (should be default in most cases), you can save the file by pressing Ctrl + o, then . Exit Nano by pressing Ctrl + x. Don’t add before command or script, because it runs as root anyway, since it’s added to the root crontab.
In case you want to use a particular editor to edit the root crontab, run it like this: sudo EDITOR=editor crontab -e, e.g. for Vim: sudo EDITOR=vim crontab -e, or for Nano: sudo EDITOR=nano crontab -e.
A few notes about this:
- If you use this to run a script, make sure to make the script executable (
chmod +x /path/to/script) or else it won’t run - Use the full path to the command or script, or else it may fail to run (this depends on the Linux distribution you’re using, e.g. you don’t need to use the full path on Ubuntu 20.04 for example)
- If the script ran by cron also includes commands without the full path, you can avoid having to rewrite the script by adding this at the top of the crontab file:
- If you need to delay the start of the command / script, you can make use of the command, e.g.: to run the command or script 60 seconds after the system boots
You might also like: How To Run A Command After The Previous One Has Finished On Linux
Which to choose between systemd or a cron job to run a command or script as root on startup / boot, if you have a choice? When in doubt, pick systemd (if it’s available on your system) because it should be more reliable and easier to use.
Also, on Fedora, cron is not installed by default (install it using sudo dnf install cronie). On Manjaro, cron is installed by default, but not enabled by default (enable it using sudo systemctl enable --now cronie).
You might like: How To Find All Files Containing Specific Text On Linux From The Command Line
This answer has been deemed insecure. See comments below
-
Create a new script file (replace
create_dir.shwith your desired script name):vim ~/create_dir.sh -
mkdir /abcNote: Don’t add
sudoto these commands. Save and exit (using:wq!) -
Assign execute permissions to it using:
sudo chmod u+x create_dir.sh -
Make changes so that this script doesn’t require a password.
-
Open the
sudoersfile:sudo visudo -f /etc/sudoers -
ahmad ALL=(root) NOPASSWD: /home/ahmad/create_dir.sh
-
-
Now when running the command add
sudobefore it like:sudo ./create_dir.shThis will run the commands inside the script file without asking for a password.
answered Sep 14, 2013 at 5:18
myusername ALL=(ALL) NOPASSWD: /path/to/executable
answered May 12, 2011 at 8:30
3 silver badges14 bronze badges
If you want to avoid having to use sudo nor have to change the sudoers config file, you can use:
sudo chown root:root path/to/command/COMMAND_NAME
sudo chmod 4775 path/to/command/COMMAND_NAME
This will make the command run as root without the need of sudo.
8 gold badges26 silver badges32 bronze badges
answered Mar 25, 2017 at 9:10
3 silver badges6 bronze badges
If you have an distro like Manjaro, you must deal first with a file that overrides the definition of /etc/sudoers; you may delete it or work directly with that file to add your new configurations.
This file is:
sudo cat /etc/sudoers.d/10-installer
The ONLY way to see it is under root privileges; you cannot list this directory without it. This file is Manjaro specific: you may find this configuration with a different name, but in same directory.
Ignore authentication for a group:
%group ALL=(ALL) NOPASSWD: ALL
youruser ALL=(ALL) NOPASSWD: ALL
youruser ALL=(ALL) NOPASSWD: /path/to/executable
QUICK NOTE: You are opening a door to use sudo without authentication, which means you can run everything modifying everything on your system; use it with responsibility.
2 gold badges25 silver badges48 bronze badges
answered Jun 17, 2015 at 20:48
1 silver badge6 bronze badges
Verify that sudo is not aliased. Run like this
/usr/bin/sudo /path/to/my/program
For example a shell alias like this one:
alias sudo="sudo env PATH=$PATH"
may cause this behaviour.
2 gold badges69 silver badges75 bronze badges
answered Jul 18, 2014 at 23:54
3 gold badges20 silver badges29 bronze badges
In the script sudoers which is inside /etc/ uncomment the line given below:
#!/bin/bash
ALL ALL = NOPASSWD: /path/of/the/script/which/you/want/to/run/as/root
This is the safest way to run the script with root permission.
answered Sep 22, 2020 at 15:25
When you execute your script you need to run it as sudo /path/to/my/script.
Edit: Based on your comment to another answer, you want to run this from an icon. You will need to create a .desktop file that executes your program with sudo, just like on the terminal.
You could also consider using gtk-sudo for a visual password prompt.
You should probably consider the idea that you shouldn’t be running things as root and that changing the system farther down the road so that you don’t need root permissions at all would be a better way to go.
answered May 12, 2011 at 8:31
18 gold badges196 silver badges226 bronze badges
This solved the issue for me (also tried some of the other answers, that might have helped):
The script I was calling was in /usr/bin, a directory that I don’t have write permissions to (though I can usually read any files there). The script was chmodded +x (executable permisison), but it still didn’t work. Moving this file to a path in my home directory, instead of /usr/bin, I was finally able to call it with sudo without entering a password.
Also something I doubted about (clarifying for future readers): You need to run your script as sudo. Type sudo when calling the script. Don’t use sudo for the command inside your script that actually needs root (changing keyboard backlight in my case). Perhaps that also works, but you don’t need to, and it seems like a better solution not to.
2 gold badges69 silver badges75 bronze badges
answered Jul 18, 2013 at 17:44
3 gold badges24 silver badges37 bronze badges
%sudo ALL=(root) NOPASSWD: /path/to/your/program
Note that %sudo make it.
answered Mar 2, 2019 at 17:11
Alternately you can use python pudo package.
user$ sudo -H pip3 install pudo # you can install using pip2 also
Below is the code snippet for using in python automation for running commands under root privilege:
user$ python3 # or python2
>>> import pudo
>>> (ret, out) = pudo.run(('ls', '/root')) # or pudo.run('ls /root')
>>> print(ret)
>>> 0
>>> print(out)
>>> b'Desktop\nDownloads\nPictures\nMusic\n'
Below is the cmd example for running commands under root privilege:
user$ pudo ls /root
Desktop Downloads Pictures Music
6 gold badges26 silver badges37 bronze badges
answered Feb 14, 2020 at 15:13
Another possibility might be to install, configure, then use the super command to run your script as
super /path/to/your/script
If you want to run some binary executable (e.g. that you have compiled into ELF binary from some C source code) -which is not a script- as root, you might consider making it setuid (and actually /bin/login, /usr/bin/sudo and /bin/su and super are all using that technique). However, be very careful, you could open a huge security hole.
You’ll use chmod u+s (read chmod(1)) when installing such a binary.
But be very careful.
Read many things about setuid, including Advanced Linux Programming, before coding such a thing.
Notice that a script, or any shebang-ed thing, cannot be setuid. But you could code (in C) a small setuid-binary wrapping it.
Be aware that on Linux, application code interact with the Linux kernel using syscalls(2). Most of them could fail, see errno(3). A lot of Linux applications (e.g. GNU bash, GNU make, GNU gdb, GNOME) are open source : you are allowed to download then study and contribute to their source code.
answered Jul 24, 2017 at 11:00
Ideally if you are customizing what commands can be run via sudo you should be making these changes in a separate file under /etc/sudoers.d/ instead of editing the sudoers file directly. You should also always use visudo to edit the file(s). You should NEVER grant NOPASSWD on ALL commands.
Example:
sudo visudo -f /etc/sudoers.d/mynotriskycommand
Then save and exit and visudo will warn you if you have any syntax errors.
You can control the file name ordering by using a prefix of 00-99 or aa/bb/cc, though also keep in mind that if you have ANY files that don’t have numeric prefix, they will load after the numbered files, overriding the settings. This is because depending on your language settings the «lexical sorting» the shell uses sorts numbers first and then may interleave upper and lowercase when sorting in «ascending» order.
answered May 22, 2017 at 21:26
6 silver badges14 bronze badges
but if the structure is command option1 value1, where value1 can vary, you would need to have explicit sudoers lines for each possible value of value1. Shell script provides a way around it.
This answer was inspired by M. Ahmad Zafar’s answer and fixes the security issue there.
- Create a shell script where you call the command without
sudo. - Save the script in a root-privileged folder (e.g.
/usr/local/bin/), make the file root-owned (e.g.chown root:wheel /usr/local/bin/script_name) with no write access for others (e.g.chmod 755 /usr/local/bin/script_name). -
Add the exception to sudoers using visudo:
-
Run your script
sudo script_name.
For example, I want to change display sleep timeout on macOS. This is done using:
sudo pmset displaysleep time_in_minutes
I consider changing the sleep timeout an innocent action that doesn’t justify the hassle of password typing, but pmset can do many things and I’d like to keep these other things behind the sudo password.
#!/bin/bash
if [ $# -eq 0 ]; then
echo 'To set displaysleep time, run "sudo ds [sleep_time_in_minutes]"'
else
if [[ $1 =~ ^([0-9]|[1-9][0-9]|1[0-7][0-9]|180)$ ]]; then
pmset displaysleep $1
else
echo 'Time must be 0..180, where 0 = never, 1..180 = number of minutes'
fi
fi
sudo ds 3
#!/bin/bash
pmset displaysleep $1
answered Mar 30, 2019 at 20:17
