running script with sudo permission

knzzz
Posts: 157
Joined: 2017/02/25 12:41:42

running script with sudo permission

Post by knzzz » 2019/11/21 13:54:36

Hi All,

I want to run a script with sudo permission for a non-admin user. Can anyone assist with this?

Regards
Kanna

Errosion
Posts: 43
Joined: 2014/12/03 19:58:02

Re: running script with sudo permission

Post by Errosion » 2019/11/21 15:07:20

Just to clarify.

You want a non-admin user to be able to run a script utilizing sudo permissions?

knzzz
Posts: 157
Joined: 2017/02/25 12:41:42

Re: running script with sudo permission

Post by knzzz » 2019/11/21 23:53:52

Yes. Provided with that sudo permission, the non-admin user should be able to run only that script with elevated access.

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: running script with sudo permission

Post by jlehtone » 2019/11/22 20:30:09

A sudo rule says:
* who can
* as which user
* run what command

Members of group wheel can impersonate anyone and run all possible commands.
You have to add a rule, where the only valid command is your script.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: running script with sudo permission

Post by MartinR » 2019/11/23 15:49:31

Best to have a read of sudoers(5) §Security Notes. There are a lot of pitfalls in allowing a script to be run at elevated privilege, and if you get it wrong then a knowledgeable user can escalate privileges all the way to root.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: running script with sudo permission

Post by aks » 2019/11/25 18:42:29

Add a sudoers entry in /etc/sudoers.d/ and specify the script ONLY as the thing to allow (i.e. the command).

kauer
Posts: 16
Joined: 2020/05/03 07:47:30

Re: running script with sudo permission

Post by kauer » 2020/05/03 08:48:00

The biggest pitfall of all is leaving the script so that non-root users can change it.

Make sure it is executable only by root. Make sure it is writable only by root. Preferably make it READABLE only by root. Specify absolute paths to every executable used within the script. If the script takes parameters, sanitise them thoroughly. Check the enclosing directory's permissions too, to make sure no one can delete and replace the script. If the script calls other scripts, make sure they are protected at least as well as the main script.

Then when you've done all that - don't let non-root users run the script :-)

Regards, K.
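The replies above describe two halves of the same job: jlehtone's "who / as which user / what command" rule, which aks says should go into its own file under /etc/sudoers.d/, and kauer's checklist of ownership and permission checks on the script itself. The script below is an added example, not code posted by anyone in this thread. It builds the one-command sudoers rule, installs it as a 0440 fragment after a `visudo -c` syntax check, and audits the script and its directory for the problems kauer lists (wrong owner, group/world-writable file or directory). The user name `alice`, the path `/usr/local/sbin/backup.sh` and the fragment name `50-<user>-script` are placeholders; the optional second argument of `audit_script` (expected owner uid) exists only so the audit can be exercised without root.

```shell
#!/bin/sh
# Added example for this thread (not from the original posts).
# Assumes GNU stat (-c) and a sudo that reads /etc/sudoers.d/ fragments.
set -u

# One sudoers rule: <user>, on any host, as root, may run exactly <script>.
# The path must be absolute; sudo matches the command by its full path.
sudoers_rule() {
    user=$1; script=$2
    case $script in
        /*) ;;
        *) echo "script path must be absolute: $script" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) %s\n' "$user" "$script"
}

# Write the rule as its own fragment (mode 0440, as sudo expects) and keep it
# only if visudo accepts the syntax. The directory defaults to /etc/sudoers.d.
install_rule() {
    user=$1; script=$2; dir=${3:-/etc/sudoers.d}
    frag="$dir/50-$user-script"; tmp="$frag.tmp"
    sudoers_rule "$user" "$script" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 0440 "$tmp"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$frag"
}

# Audit the script and its enclosing directory: both must be owned by the
# expected uid (0 = root unless overridden for testing) and must not be
# writable by group or others, otherwise a non-root user could replace the
# code that sudo will run as root. Prints each finding; returns 1 if any.
audit_script() {
    script=$1; want_uid=${2:-0}; problems=0
    dir=$(dirname "$script")
    for path in "$script" "$dir"; do
        out=$(stat -c '%u %a' "$path") || { echo "$path: cannot stat"; return 1; }
        uid=${out% *}; octal=${out#* }
        mode=$((0$octal))                     # leading 0 = octal in sh arithmetic
        if [ "$uid" -ne "$want_uid" ]; then
            echo "$path: owned by uid $uid, expected $want_uid"; problems=1
        fi
        if [ $(( (mode >> 3) & 2 )) -ne 0 ] || [ $(( mode & 2 )) -ne 0 ]; then
            echo "$path: writable by group or others (mode $octal)"; problems=1
        fi
        if [ $(( mode & 4 )) -ne 0 ]; then
            echo "$path: note: readable by others (mode $octal)"   # advisory only
        fi
    done
    return $problems
}

# Usage (as root):  sh harden-sudo-script.sh alice /usr/local/sbin/backup.sh
# The rule is installed only if the audit of the script passes first.
if [ $# -eq 2 ]; then
    audit_script "$2" && install_rule "$1" "$2" && echo "rule installed: $(sudoers_rule "$1" "$2")"
fi
```

The rule deliberately names only the script and nothing else; sudo will refuse any other command for that user. If the script takes no parameters, sudoers(5) lets you append `""` after the path so that sudo also refuses any arguments, which removes one of the sanitisation problems kauer mentions.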
