
running script with sudo permission

Posted: 2019/11/21 13:54:36
by knzzz
Hi All,

I want to let a non-admin user run a script with sudo permission. Can anyone assist with this?

Regards
Kanna

Re: running script with sudo permission

Posted: 2019/11/21 15:07:20
by Errosion
Just to clarify.

You want a non-admin user to be able to run a script utilizing sudo permissions?

Re: running script with sudo permission

Posted: 2019/11/21 23:53:52
by knzzz
Yes, provided with that sudo permission, that non-admin should run only that script with elevated access.

Re: running script with sudo permission

Posted: 2019/11/22 20:30:09
by jlehtone
A sudo rule says:
* who can
* as which user
* run what command

Members of group wheel can impersonate anyone and run all possible commands.
You have to add a rule, where the only valid command is your script.

Re: running script with sudo permission

Posted: 2019/11/23 15:49:31
by MartinR
Best to have a read of sudoers(5) § Security Notes. There are a lot of pitfalls in allowing a script to be run at elevated privilege, and if you get it wrong then a knowledgeable user can escalate privileges all the way to root.

Re: running script with sudo permission

Posted: 2019/11/25 18:42:29
by aks
Add a sudoers entry in /etc/sudoers.d/ and specify the script ONLY as the thing to allow (i.e.: the command).

Re: running script with sudo permission

Posted: 2020/05/03 08:48:00
by kauer
The biggest pitfall of all is leaving the script so that non-root users can change it.

Make sure it is executable only by root. Make sure it is writeable only by root. Preferably make it READABLE only by root. Specify absolute paths to every executable used within the script. If the script takes parameters, sanitise them thoroughly. Check the enclosing directory's permissions too, to make sure no-one can delete and replace the script. If the script calls other scripts, make sure they are protected at least as well as the main script.

Then when you've done all that - don't let non-root users run the script :-)

Regards, K.
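
The ownership and write-permission checks from the last post, as an added example that is not part of the original thread: it audits the script and every enclosing directory before the script is named in a sudoers rule. The function names and the sample path are hypothetical, and the optional second argument (expected owner UID, default 0 for root) is an assumption added so the check can be tried as an unprivileged user.

```shell
#!/bin/sh
# Added example: audit a script before naming it in a sudoers rule.
# check_one / audit_sudo_script are hypothetical helper names.

# check_one UID PATH: PATH must be owned by UID and not group/world-writable.
check_one() {
    info=$(ls -ldn -- "$2" 2>/dev/null) || { echo "FAIL $2: cannot stat"; return 1; }
    mode=${info%% *}                                   # e.g. -rwx------
    uid=$(printf '%s\n' "$info" | awk '{print $3}')    # numeric owner
    one_rc=0
    [ "$uid" = "$1" ] || { echo "FAIL $2: owner uid $uid, expected $1"; one_rc=1; }
    case $mode in
        ?????w*|????????w*) echo "FAIL $2: group- or world-writable ($mode)"; one_rc=1 ;;
    esac
    return $one_rc
}

# audit_sudo_script PATH [UID]: check the script and every enclosing directory.
audit_sudo_script() {
    script=$1; want_uid=${2:-0}; rc=0
    case $script in
        /*) ;;
        *) echo "FAIL $script: not an absolute path"; return 1 ;;
    esac
    # A symlink could be repointed, so only a real regular file is accepted.
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "FAIL $script: not a regular file"; return 1
    fi
    check_one "$want_uid" "$script" || rc=1
    # Walk the physical path up to /: a writable parent allows delete-and-replace.
    dir=$(cd -P -- "$(dirname -- "$script")" && pwd -P) || return 1
    while :; do
        check_one "$want_uid" "$dir" || rc=1
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return $rc
}

# Usage: sh audit.sh /usr/local/sbin/myscript   (constructed path)
if [ "$#" -gt 0 ]; then audit_sudo_script "$@"; fi
```

A zero exit status means every path component passed; each failing component is printed on its own `FAIL` line.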