How do I "sudo -i" a specific command?
I need to run important_script.sh with sudo -i without a password.
If I have in sudoers:
apache ALL = (root) NOPASSWD: /blah/important_script.sh
and run "sudo /blah/important_script.sh", I can run it without a password.
However, if I run "sudo -i /blah/important_script.sh", I need to enter the password for apache.
If I change the line in sudoers to:
apache ALL = (root) NOPASSWD:ALL
I can run the command "sudo -i /blah/important_script.sh" without a password.
But I want to be able to run only /blah/important_script.sh, not ALL commands.
So, how do I set it up so that only /blah/important_script.sh can be run with sudo -i without a password?
Solution 1:
When I try this, I get an error message which gives a clue to the problem:
Sorry, user bob is not allowed to execute '/bin/bash -c /blah/important_script.sh' as root on host.
Note that we're being denied access to a command /bin/bash -c... which is different from the one we specified in the sudoers file, /blah/important_script... When you tell sudo to allow a user to run a specific command, they have to use the exact command line as specified in sudoers, so we need to change sudoers appropriately:
bob ALL=(root) NOPASSWD: /bin/bash -c /blah/important_script.sh
This now works for bob:
$ sudo -i /bin/bash -c /blah/important_script.sh
So why is it doing this? Well, the man page for sudo has the answer:
‑i [command] The ‑i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's ‑c option. If no command is specified, an interactive shell is executed...
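Added example (not part of the original question or answer): a small shell model of the man page text above, showing which command line sudoers is asked to authorize for "sudo -i CMD" and the NOPASSWD rule that matches it exactly. The function names and passwd entries are constructed for illustration, and the model assumes plain exact matching with no sudoers wildcards.

```shell
#!/bin/sh
# Simplified model: real sudo also escapes shell metacharacters in CMD
# before handing it to the shell's -c option.

# Field 7 of a passwd(5) line is the account's login shell.
# On a live system the line would come from: getent passwd root
login_shell_of() {
    printf '%s\n' "$1" | cut -d: -f7
}

# "sudo -i CMD ARGS" is requested as "<target login shell> -c CMD ARGS".
sudo_i_cmdline() {
    shell=$1; shift
    printf '%s -c %s\n' "$shell" "$*"
}

# Sudoers line authorizing exactly that command line without a password.
# $1 = invoking user, $2 = target user, $3 = target login shell, $4... = command
sudoers_rule() {
    user=$1; runas=$2; shell=$3; shift 3
    printf '%s ALL = (%s) NOPASSWD: %s\n' "$user" "$runas" \
        "$(sudo_i_cmdline "$shell" "$@")"
}

# Exact-match check: does the rule's command equal the requested command line?
# $1 = sudoers line, $2 = requested command line
rule_covers() {
    spec=${1#*NOPASSWD: }
    [ "$spec" = "$2" ]
}

# Constructed passwd entries: the same account with two different login shells.
ROOT_BASH='root:x:0:0:root:/root:/bin/bash'
ROOT_SH='root:x:0:0:root:/root:/bin/sh'

demo() {
    for entry in "$ROOT_BASH" "$ROOT_SH"; do
        sh_path=$(login_shell_of "$entry")
        sudoers_rule apache root "$sh_path" /blah/important_script.sh
    done
}
demo
```

The rule is tied to the target user's login shell: in this model, a rule written for /bin/bash stops matching if root's shell in the password database is /bin/sh.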