Runing .sh files as root

I need to run something as sudo without a password, so I used visudo and added this to my sudoers file:

MYUSERNAME ALL = NOPASSWD: /path/to/my/program

Then I tried it out:

$ sudo /path/to/my/program
[sudo] password for MYUSERNAME: 

Gilles 'SO- stop being evil''s user avatar

asked Aug 16, 2011 at 10:29

LanceBaynes's user avatar

97 gold badges249 silver badges348 bronze badges

If there are multiple matching entries in /etc/sudoers, sudo uses the last one. Therefore, if you can execute any command with a password prompt, and you want to be able to execute a particular command without a password prompt, you need the exception last.

myusername ALL = (ALL) ALL
myusername ALL = (root) NOPASSWD: /path/to/my/program

Community's user avatar

answered May 12, 2011 at 11:36

Gilles 'SO- stop being evil''s user avatar

Having done that, sudo will prompt for a password normally for all commands except /path/to/my/program, which it will always let you run without asking for your password.

Thomas's user avatar

answered Aug 16, 2011 at 11:32

Warren Young's user avatar

Warren Young

16 gold badges177 silver badges168 bronze badges

How do I run a .sh script with root privileges from Ubuntu’s cmd? Some scripts require to enter the password. I watn to avoid this.

lexu's user avatar

11 silver badges19 bronze badges

asked Aug 3, 2009 at 13:22

lak-b's user avatar

If security is a concern, I wouldn’t do this as has been mentioned.

Better would be to use visudo to edit the sudoers file, and edit all the commands that the script uses that need to be root. So, the whole script doesn’t need to be root, but maybe shutdown does (contrived example), so:

And then, in the scipt:

sudo /sbin/shutdown

answered Aug 3, 2009 at 13:47

Kyle Brandt's user avatar

Kyle Brandt

74 gold badges305 silver badges446 bronze badges

Do you mean a command inside the script is asking for a password, or that you just want to run it once with a password at launch, or that you have a script that’s automated to run and is pausing for a password?

I normally launch with sudo from the command prompt and it uses root privileges, but otherwise you may have to muck with the sudoer’s file in /etc to apply «nopasswd» to the command or script you’re using.

answered Aug 3, 2009 at 13:46

Bart Silverstrim's user avatar

Bart Silverstrim

9 gold badges66 silver badges87 bronze badges

%cdrom    ALL = NOPASSWD: /usr/bin/k3b

This is not a good practice for shell scripts unless you are running an application like tripwire that will detect changes to the script.

answered Aug 3, 2009 at 13:27

duffbeer703's user avatar

4 gold badges31 silver badges39 bronze badges

As other’s have advised: be carefull

user@prompt>sudo su -
password: xXxXxXx

answered Aug 3, 2009 at 16:44

lexu's user avatar

11 silver badges19 bronze badges

See the manpage.

answered Aug 3, 2009 at 13:27

brian-brazil's user avatar

1 gold badge22 silver badges16 bronze badges

This is my simple bash:


echo "hello"
su - root -c /path/to/ <<EOF
echo "good bye"

But I get this error:

su: must be run from a terminal
good bye
echo "hello"
sudo su <<EOF
echo "good bye"

Again another error

echo "hello"
su root <<EOF
echo "good bye"

when I try:

echo "hello"
sudo -s <<EOF
echo Now I am root
echo "yes!"
echo "good bye"

Then the output is:

[sudo] password for <user>:

I also changed my script to:

#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for user:"
send -- "password\r"
expect eof

and output is:

spawn sudo -s <<EOF
[sudo] password for user:
/bin/bash: <<EOF: command not found

Also which sh output is /bin/sh

How can I resolve the error in these three scripts?

asked Feb 18, 2014 at 17:45

MLSC's user avatar

7 gold badges21 silver badges28 bronze badges

You can pipe the password and send it in the command inside the script.

echo "password" | sudo -S 

But it is not a good idea to send the password in the command line. If you need more information on how to login as root from the script, you can look at the answer provided here.

However, if it is for experimental purposes, we can use the expect to enter the password from command line. The script needs be modified like below.

#!/usr/bin/expect -f 
spawn sudo -s <<EOF 
expect "assword for username:" 
send -- "user-password\r" 
expect eof

The last line is needed since we need to press the Enter after inputting the password. As Tian suggested, it is not a good idea to send the root password in the shell script.

Дополнительно:  Download how to root apk

Community's user avatar

answered Feb 18, 2014 at 17:48

Ramesh's user avatar

43 gold badges140 silver badges215 bronze badges

Embedding the root password in the script isn’t a good idea, from a security point of view, this is probably why su attempts to get it initially from a terminal.

answered Feb 18, 2014 at 17:58

X Tian's user avatar

X Tian

2 gold badges33 silver badges48 bronze badges


However, now that you are aware of the risks, it is possible to use sudo -kS to have sudo read the password from stdin:

sudo -kSs << EOF
echo "Not a good idea to have a password encoded in plain text"

Community's user avatar

answered Feb 18, 2014 at 19:35

MLSC's user avatar

7 gold badges21 silver badges28 bronze badges

Have You tried /etc/sudoers?

your_user ALL=(ALL) NOPASSWD: /path/to/

(edit with: sudoedit /etc/sudoers)
then, You will be able to run:

sudo /path/to/script without password

answered Nov 3, 2014 at 2:00

Marcin Fabrykowski's user avatar

Linux run command or script as root (sudo) on startup / boot

This article explains how to run a command or script at startup / boot as root on Linux, in two ways: using systemd or a cron job.

To use systemd to run a command or script as root when your computer boots, create a file (as root) called (replace with whatever you want to call it) in .

We can use Nano command line text editor to open / create this file:

sudo nano /etc/systemd/system/mycommand.service

Here, change the value to describe what this does, and the value to the command or path of the script you want to run as root on startup. Don’t add at the beginning of the command or script, because it runs as root anyway.

Now save the file and exit Nano. In case you’re not familiar with Nano text editor, you can save the file by pressing Ctrl + o, then . Exit by pressing Ctrl + x.

sudo systemctl enable mycommand.service

Remember to replace with the actual filename you’ve used for this systemd service file. There’s no need to run the systemd service right now, since this is about running it on boot.

If you use this to run a script, make sure to make the script executable (chmod +x /path/to/script) or else it won’t run.

You might also like: How To Launch Startup Applications With A Delay

How to use a cron job to run a command or script as root on startup / boot

sudo crontab -e
@reboot /path/to/command/or/script

Now save the crontab and exit. If you’ve used Nano command line editor to edit it (should be default in most cases), you can save the file by pressing Ctrl + o, then . Exit Nano by pressing Ctrl + x. Don’t add before command or script, because it runs as root anyway, since it’s added to the root crontab.

In case you want to use a particular editor to edit the root crontab, run it like this: sudo EDITOR=editor crontab -e, e.g. for Vim: sudo EDITOR=vim crontab -e, or for Nano: sudo EDITOR=nano crontab -e.

A few notes about this:

  • If you use this to run a script, make sure to make the script executable (chmod +x /path/to/script) or else it won’t run
  • Use the full path to the command or script, or else it may fail to run (this depends on the Linux distribution you’re using, e.g. you don’t need to use the full path on Ubuntu 20.04 for example)
  • If the script ran by cron also includes commands without the full path, you can avoid having to rewrite the script by adding this at the top of the crontab file:
  • If you need to delay the start of the command / script, you can make use of the command, e.g.: to run the command or script 60 seconds after the system boots

You might also like: How To Run A Command After The Previous One Has Finished On Linux

Which to choose between systemd or a cron job to run a command or script as root on startup / boot, if you have a choice? When in doubt, pick systemd (if it’s available on your system) because it should be more reliable and easier to use.

Also, on Fedora, cron is not installed by default (install it using sudo dnf install cronie). On Manjaro, cron is installed by default, but not enabled by default (enable it using sudo systemctl enable --now cronie).

Дополнительно:  LED Samsung UE40D6510WS дрожит изображение

You might like: How To Find All Files Containing Specific Text On Linux From The Command Line

This answer has been deemed insecure. See comments below

  1. Create a new script file (replace with your desired script name):

    vim ~/
  2. mkdir /abc

    Note: Don’t add sudo to these commands. Save and exit (using :wq!)

  3. Assign execute permissions to it using:

    sudo chmod u+x
  4. Make changes so that this script doesn’t require a password.

    1. Open the sudoers file:

      sudo visudo -f /etc/sudoers
    2. ahmad ALL=(root) NOPASSWD: /home/ahmad/
  5. Now when running the command add sudo before it like:

    sudo ./

    This will run the commands inside the script file without asking for a password.

Eldamir's user avatar

answered Sep 14, 2013 at 5:18

M. Ahmad Zafar's user avatar

myusername ALL=(ALL) NOPASSWD: /path/to/executable

answered May 12, 2011 at 8:30

musiKk's user avatar

3 silver badges14 bronze badges

If you want to avoid having to use sudo nor have to change the sudoers config file, you can use:

sudo chown root:root path/to/command/COMMAND_NAME
sudo chmod 4775 path/to/command/COMMAND_NAME

This will make the command run as root without the need of sudo.

Thomas's user avatar

8 gold badges26 silver badges32 bronze badges

answered Mar 25, 2017 at 9:10

linuxgnuru's user avatar

3 silver badges6 bronze badges

If you have an distro like Manjaro, you must deal first with a file that overrides the definition of /etc/sudoers; you may delete it or work directly with that file to add your new configurations.

This file is:

sudo cat /etc/sudoers.d/10-installer

The ONLY way to see it is under root privileges; you cannot list this directory without it. This file is Manjaro specific: you may find this configuration with a different name, but in same directory.

Ignore authentication for a group:

youruser ALL=(ALL) NOPASSWD: /path/to/executable

QUICK NOTE: You are opening a door to use sudo without authentication, which means you can run everything modifying everything on your system; use it with responsibility.

Toby Speight's user avatar

2 gold badges25 silver badges48 bronze badges

answered Jun 17, 2015 at 20:48

Lyoneel's user avatar

1 silver badge6 bronze badges

Verify that sudo is not aliased. Run like this

/usr/bin/sudo /path/to/my/program

For example a shell alias like this one:

alias sudo="sudo env PATH=$PATH"

may cause this behaviour.

peterph's user avatar

2 gold badges69 silver badges75 bronze badges

answered Jul 18, 2014 at 23:54

Sepero's user avatar

3 gold badges20 silver badges29 bronze badges

In the script sudoers which is inside /etc/ uncomment the line given below:

ALL    ALL = NOPASSWD: /path/of/the/script/which/you/want/to/run/as/root

This is the safest way to run the script with root permission.

answered Sep 22, 2020 at 15:25

Cherry's user avatar

When you execute your script you need to run it as sudo /path/to/my/script.

Edit: Based on your comment to another answer, you want to run this from an icon. You will need to create a .desktop file that executes your program with sudo, just like on the terminal.

You could also consider using gtk-sudo for a visual password prompt.

You should probably consider the idea that you shouldn’t be running things as root and that changing the system farther down the road so that you don’t need root permissions at all would be a better way to go.

Michael Mrozek's user avatar

answered May 12, 2011 at 8:31

Caleb's user avatar

18 gold badges196 silver badges226 bronze badges

This solved the issue for me (also tried some of the other answers, that might have helped):

The script I was calling was in /usr/bin, a directory that I don’t have write permissions to (though I can usually read any files there). The script was chmodded +x (executable permisison), but it still didn’t work. Moving this file to a path in my home directory, instead of /usr/bin, I was finally able to call it with sudo without entering a password.

Also something I doubted about (clarifying for future readers): You need to run your script as sudo. Type sudo when calling the script. Don’t use sudo for the command inside your script that actually needs root (changing keyboard backlight in my case). Perhaps that also works, but you don’t need to, and it seems like a better solution not to.

Дополнительно:  Код ошибки 0xc0000225 в Windows 7/10

peterph's user avatar

2 gold badges69 silver badges75 bronze badges

answered Jul 18, 2013 at 17:44

Luc's user avatar

3 gold badges24 silver badges37 bronze badges

%sudo ALL=(root) NOPASSWD: /path/to/your/program

Note that %sudo make it.

answered Mar 2, 2019 at 17:11

Lakindu Akash's user avatar

Alternately you can use python pudo package.

user$ sudo -H pip3 install pudo # you can install using pip2 also

Below is the code snippet for using in python automation for running commands under root privilege:

user$ python3 # or python2
>>> import pudo
>>> (ret, out) ='ls', '/root')) # or'ls /root')
>>> print(ret)
>>> 0
>>> print(out)
>>> b'Desktop\nDownloads\nPictures\nMusic\n'

Below is the cmd example for running commands under root privilege:

user$ pudo ls /root
Desktop  Downloads  Pictures  Music

Paulo Tomé's user avatar

6 gold badges26 silver badges37 bronze badges

answered Feb 14, 2020 at 15:13

Madhusudhan Kasula's user avatar

Another possibility might be to install, configure, then use the super command to run your script as

super /path/to/your/script

If you want to run some binary executable (e.g. that you have compiled into ELF binary from some C source code) -which is not a script- as root, you might consider making it setuid (and actually /bin/login, /usr/bin/sudo and /bin/su and super are all using that technique). However, be very careful, you could open a huge security hole.

You’ll use chmod u+s (read chmod(1)) when installing such a binary.

But be very careful.

Read many things about setuid, including Advanced Linux Programming, before coding such a thing.

Notice that a script, or any shebang-ed thing, cannot be setuid. But you could code (in C) a small setuid-binary wrapping it.

Be aware that on Linux, application code interact with the Linux kernel using syscalls(2). Most of them could fail, see errno(3). A lot of Linux applications (e.g. GNU bash, GNU make, GNU gdb, GNOME) are open source : you are allowed to download then study and contribute to their source code.

answered Jul 24, 2017 at 11:00

Basile Starynkevitch's user avatar

Ideally if you are customizing what commands can be run via sudo you should be making these changes in a separate file under /etc/sudoers.d/ instead of editing the sudoers file directly. You should also always use visudo to edit the file(s). You should NEVER grant NOPASSWD on ALL commands.

sudo visudo -f /etc/sudoers.d/mynotriskycommand

Then save and exit and visudo will warn you if you have any syntax errors.

You can control the file name ordering by using a prefix of 00-99 or aa/bb/cc, though also keep in mind that if you have ANY files that don’t have numeric prefix, they will load after the numbered files, overriding the settings. This is because depending on your language settings the «lexical sorting» the shell uses sorts numbers first and then may interleave upper and lowercase when sorting in «ascending» order.

answered May 22, 2017 at 21:26

dragon788's user avatar

6 silver badges14 bronze badges

but if the structure is command option1 value1, where value1 can vary, you would need to have explicit sudoers lines for each possible value of value1. Shell script provides a way around it.

This answer was inspired by M. Ahmad Zafar’s answer and fixes the security issue there.

  1. Create a shell script where you call the command without sudo.
  2. Save the script in a root-privileged folder (e.g. /usr/local/bin/), make the file root-owned (e.g. chown root:wheel /usr/local/bin/script_name) with no write access for others (e.g. chmod 755 /usr/local/bin/script_name).
  3. Add the exception to sudoers using visudo:

  4. Run your script sudo script_name.

For example, I want to change display sleep timeout on macOS. This is done using:

sudo pmset displaysleep time_in_minutes

I consider changing the sleep timeout an innocent action that doesn’t justify the hassle of password typing, but pmset can do many things and I’d like to keep these other things behind the sudo password.

if [ $# -eq 0 ]; then
        echo 'To set displaysleep time, run "sudo ds [sleep_time_in_minutes]"'
        if [[ $1 =~ ^([0-9]|[1-9][0-9]|1[0-7][0-9]|180)$ ]]; then
                pmset displaysleep $1 
                echo 'Time must be 0..180, where 0 = never, 1..180 = number of minutes'

sudo ds 3

pmset displaysleep $1 

answered Mar 30, 2019 at 20:17

Koit Saarevet's user avatar

Оцените статью
Master Hi-technology
Добавить комментарий