How do I sudo a command in a script without being asked for a password?

Solution 1:

Please note: Any method which involves putting your login password in plain text, in a command or in a file, is insecure and should NOT be used!

The correct way to do it to setup sudo such that only the one specific command you need, i.e. echo date... > rtc..., is allowed to run WITHOUT needing the password.

Step 1. Create a shell script with just that command

  • Open up gedit (or your favorite editor), and create the script e.g. pydatertc.sh
  • Insert only this line, and save it to, e.g. your home directory:
    echo date \'+%s\' -d \'+ 24 hours\' > /sys/class/rtc/rtc0/wakealarm
  • Quit the editor, and from the terminal, make the script executable and change its ownership to root, otherwise another user with access to your system could possibly edit it and execute whatever commands they want as root without needing your password:
    sudo chown root:root /home/username/pydatertc.sh
    sudo chmod 700 /home/username/pydatertc.sh
    

Step 2. Set up sudo to allow pydatertc.sh to execute without requiring a password

  • Type sudo visudo at the terminal to open the sudo permissions (sudoers) file
  • Around line 25, you'll see this line: %sudo ALL=(ALL:ALL) ALL
  • Below that line, insert the following line, where username is your username:
    username  ALL=(ALL) NOPASSWD: /home/username/pydatertc.sh
  • Exit the editor (Ctrl+X if nano)

Step 3. Modify your python script to call pydatertc.sh

  • Change the line to:
    os.system('sudo /home/username/pydatertc.sh')

Now your script should run without requiring a password AND without compromising the security of your account, your data or your system!


Alternative only for wakealarm (not for general use!):

In this specific case only, since the /sys/class/rtc/rtc0/wakealarm file only controls the wake-up alarm for the system and is otherwise harmless, another alternative to avoid the password is either to take ownership of that file with chown (if you are the only user setting the alarm), or make it world-writeable with chmod +666; in that case, simply remove the sudo from your Python call, leaving sh -c "...." intact.

Solution 2:

Warning!

Putting your login password in plain text, in a command or file, is extremely insecure and can compromise your private data and your system. It is highly recommended never to do this even if you think your system is "personal" or in a "safe location"!

If the script is only for personal use and you have placed it in a safe place and you are not afraid of your account being stolen and such, then here's a simple solution:

echo LOGINPASSWD | sudo -S COMMAND HERE

where LOGINPASSWD is your login password (example: iloveponies) and COMMAND HERE is your command that comes after sudo, like sh -c "echo da.. etc

Solution 3:

If you don't mind the script running at a specific time on the hour (or during the day), put it inside root's home directory (/root), and run the script from the system crontab (/etc/crontab) as root. Then you won't have to compromise your security.

See https://help.ubuntu.com/community/CronHowto for how to add the script to the crontab.

Solution 4:

Another related nice feature of sudo which hasn't been mentioned in the excellent answers above is the 'timestamp_timeout' variable. It is a sudo variable which you may increase to save on interactive password typing.

Example, in /etc/sudoers (or one of the files included from it) you may modify the default:

# only require a password once every 60 minutes
Defaults timestamp_timeout=60

Full description from 'man sudoers':

timestamp_timeout

        Number of minutes that can elapse before sudo will ask for
        a passwd again.  The default is 5, set this to 0 to always
        prompt for a password.

Of course, this cannot help in the specific case of running the command from cron. But it is a good thing to be aware of.

Solution 5:

export MY_SUDO_PASS="user_password_here"

To test if it's working type:

echo $MY_SUDO_PASS
> user_password_here

To run "sudo apt-get update", and accept password from environment variables what we created before:

echo $MY_SUDO_PASS | sudo -S apt-get update

Run from python (example changing directory ownership recursively to username_here):

python
>> import subprocess
>> subprocess.call('echo $MY_SUDO_PASS | sudo -S chown -R username_here /home/username_here/folder_to_change_ownership_recursivley', shell=True)

echo $MY_SUDO_PASS get's password -S switch catching it and passing the password to sudo