![]() I know I can make a cron for this but I also want to be able to execute the script manually without entering my password. When I login again and execute the script with trim I still need to enter my password. Next I added a line to my sudoers file with visudo: kf ALL=(ALL) NOPASSWD: /home/kf/bin/trim.sh I changed the ownership of the script to root: sudo chown root:root /home/kf/bin/trim.shĪnd made it executable sudo chmod 700 /home/kf/bin/trim.sh I placed my script in /home/kf/bin (I added the bin dir myself) and included this directory in my path so I can run it from everywhere. There are similar questions/answers but non seems to work for me. I want to execute a script that requires root privileges without entering a password. Please, also note that, the user named “root” and, the group named “root” are required –.In the first case, at least one “normal” user has to be assigned a UID in the range 1 … 99 – the statically allocated system User IDs –.Meaning that, the user “root” (User ID value = 0) can either be locked – logins disabled – even from the console terminal – or, logins to the user “root” are allowed. Moreover, in the mostly installation, you can choose whether to create a root user or whether the first user created during the installation will be an administrator. Everybody can change to her/his liking (or addiction to habit). So the distributed sudo configuration is made to follow the policy. OpenSUSE has the policy to always ask for the root password for YaST, … and sudo. And in the sudo tool these checks are configurable. Only the checks on “is this allowed or not” depend on the tool used (there may even be no checks at all). That functions the same on every system regardless of the usage of sudo or something else, and when using sudo it is independent of the way sudo is configured. The kernel will not except certain calls to it (amongst them those that are contrary to file access permissions) when not done by a root owned process.Īre you aware of the underlying mechanism to start a root owned process as child of a user owned process (because that is what we are talking about)? ![]() There is always the root user, which is defined as the user with UID=0.Īnd processes that have to run owned by the root user are still processes that have to be owned by the root user to allow them to do the tasks to be done. No, It is impossible to remember “the controversy in the Debian community about the introduction of sudo years ago” simply because one can not remember things one never knew about.Īnd talking about wether to “create a root user” or not is nonsense IMHO. How could we explain to our customers that we introduced software from “somewhere else” on the systems they used? When something went wrong, who to sue? I remember that sudo emerged as a product of some university and was rejected by us because it wasn’t covered by the support and responsibility (it is much about security) of HP, SUN, IBM, etc. When I talk about “old Unix school”, I mean things like HP-UX, SUN-OS/Solaris, AIX, … Nevertheless, I found the openSUSE approach strange to require a root password after issuing the sudo command, because I’m so used to it that sudo, like Windows, requires the user’s password in most distributions. I myself prefer the root role if I need explicit privileges to perform a system-wide operation. If you are a member of the old Unix school, you will probably remember the controversy in the Debian community about the introduction of sudo years ago, how much resentment it caused at the time. I assume the approach you have seen in other distributions, is more to the taste of former MS Windows users, where there is no real division (until some years ago even no one at all) between administrator and user and above that, there is in fact only one user where Unix/Linux accommodates a multi-user environment. Different roles even if the same person is executing both functions. I am from old school Unix and I am very much aware of the builtin division between root and users and the inherent security it offers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |