How do I "sudo -i" a specific command

I need to run important_script.sh with sudo -i without a password.

If I have in sudoers:

apache ALL = (root) NOPASSWD:    /blah/important_script.sh

and run "sudo /blah/important_script.sh", I can run it without a password.

However, if I run "sudo -i /blah/important_script.sh", I need to enter the password for apache.

If I change the line in sudoers to:

apache ALL = (root) NOPASSWD:ALL

I can run the command "sudo -i /blah/important_script.sh" without a password.

But I want to be able to run only /blah/important_script.sh, not ALL commands.

So, how do I set it up so that only /blah/important_script.sh can be run with sudo -i without a password?


Solution 1:

When I try this I get an error message which gives a clue to the problem:

 Sorry, user bob is not allowed to execute '/bin/bash -c /blah/important_script.sh' as root on host.

Note that we're being denied access to a command /bin/bash -c... which is different from the one we specified in the sudoers file /blah/important_script.... When you tell sudo to allow a user to run a specific command, they have to use the exact command line as specified in sudoers so we need to change sudoers appropriately.

bob   ALL=(root) NOPASSWD: /bin/bash -c /blah/important_script.sh

This now works for bob:

$ sudo -i /bin/bash -c /blah/important_script.sh

So why is it doing this? Well, the man page for sudo has the answer:

-i [command] The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed...
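The rule in the answer hard-codes /bin/bash, while the quoted man page text says sudo -i uses the shell from the target user's password database entry. The following added example (not part of the original question or answer) generalizes to any target user: it looks up that shell and prints the sudoers rule matching what sudo -i will run. The function names and the PASSWD_SAMPLE data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format (not a real system file).
# On a live host, pass "$(getent passwd)" as the passwd text instead.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/zsh
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin'

# Print the login shell (7th passwd field) of user $1 found in passwd text $2.
# Exits non-zero when the user is not present.
login_shell_of() {
    printf '%s\n' "$2" |
        awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }'
}

# Print the command line sudoers is asked to authorise when the script $2 is
# run with "sudo -i" as target user $1: "<target's login shell> -c <script>".
sudo_i_cmdline() {  # $3 = passwd text
    shell=$(login_shell_of "$1" "$3") || return 1
    printf '%s -c %s\n' "$shell" "$2"
}

# Print a NOPASSWD rule letting invoking user $1 run script $3 as target
# user $2 through "sudo -i". $4 = passwd text.
sudoers_rule_for_sudo_i() {
    case $3 in
        /*) ;;  # sudoers command specifications use absolute paths
        *) echo "script path must be absolute" >&2; return 2 ;;
    esac
    case $3 in
        # Spaces and characters such as , : = \ need escaping in sudoers;
        # refuse them rather than emit a rule that matches something else.
        *[!A-Za-z0-9_./-]*) echo "path needs sudoers escaping" >&2; return 2 ;;
    esac
    cmdline=$(sudo_i_cmdline "$2" "$3" "$4") ||
        { echo "unknown target user: $2" >&2; return 1; }
    printf '%s ALL = (%s) NOPASSWD: %s\n' "$1" "$2" "$cmdline"
}

# The case from the question: apache running the script as root.
sudoers_rule_for_sudo_i apache root /blah/important_script.sh "$PASSWD_SAMPLE"
```

Check the generated line with `visudo -cf` on a scratch file before installing it, then confirm with `sudo -n -i /blah/important_script.sh`, which fails instead of prompting when the rule does not match.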