Now, it can be verified if the user can execute the command with the sudo prefix without using the password: Inside it would be add the command 'apt' in the file as we did with the previous commands:Įntreunosyceros ALL=NOPASSWD:/bin/mkdir,/bin/chmod,/usr/bin/aptĪfter adding the command, save and close the sudoers file. In case we are interested in not having to type the password for sudo when executing the apt command, we will have to edit the sudoers file again: sudo visudo In the terminal (Ctrl + Alt + T) you would have to write:Īs you can see in the screenshot above, the path for the apt command is / usr / bin / apt, therefore this is the path to add in the sudoers file. In case of not being sure of it, we can use the command ' where's'to find out the correct path to apt. In this case we want to add a command with a different path than the one we have used so far, the path to apt for example, we will need to correctly write the path to the executable file. Find the path to the command and add it to the sudoers file Yes indeed, when running all other commands, if you will be prompted to enter the password to use sudo. From now on, the user referred to by the line added to the file sweats you will not need to enter the sudo password while executing any of the added commands. We will be able add as many commands as we want separating them with commas, as it's shown in the following:Įntreunosyceros ALL=NOPASSWD:/bin/mkdir,/bin/chmodĪfter finishing adding the line, log out and log in again or reboot the system. According to this line, this user will be able to execute the command ' mkdir'without typing the sudo password. In this line that is added in the previous capture, entreunosyceros is the username. When the file is opened, at the end of it we will add the following line: In the terminal (Ctrl + Alt + T) we write: sudo visudo To do this, we will have to edit the sudoers. Let's say we want a user named interunosyceros run the mkdir command without having to type the sudo password. If for any reason, whatever it may be, you are interested in allowing a user to execute a particular command without having to type the sudo password, you should add that command to the sudoers file. 3 Ask for the sudo password for a specific command in the sudoers fileĮxecute specific commands without sudo password in Ubuntu.2 Find the path to the command and add it to the sudoers file.1 Execute specific commands without sudo password in Ubuntu.You may replace %wheel with other group names like %sudoers or other user names like deployer. To achieve above in Ansible, refer to the following: - name: sudo without password for wheel groupĬontent: '%wheel ALL=(ALL:ALL) NOPASSWD:ALL' # Allows people in group wheel to run all commandsĪnd instead of fiddling with /etc/sudoers file, we can create a new file in /etc/sudoers.d/ directory since this directory is included by /etc/sudoers by default, which avoids the possibility of breaking existing sudoers file, and also eliminates the dependency on the content inside of /etc/sudoers. And to make it password-less is to additionally specify NOPASSWD in /etc/sudoers.Įxample of /etc/sudoers: # Allow root to run any commands anywhere To create a user with sudo privileges is to put the user into /etc/sudoers, or make the user a member of a group specified in /etc/sudoers. And yes.I was able to ssh into the server as "deployer" and run sudo commands without having to give a password. To /etc/sudoers when the playbook is run a subsequent time. It doesn't add the line %wheel ALL=(ALL) NOPASSWD: ALL name: Set up authorized keys for the deployer userĪuthorized_key: user=deployer key=""Īnd the best part is that the solution is idempotent. name: Add deployer user and add it to sudo I am trying to figure out how to use Ansible (version 2.0.2.0 and python 2.7.3) to create a user called "deployer" and be able to log into the server with that id and then so sudo-ish things like "apt-get install". With this setup, I can log into the server and do stuff like: workstation> ssh sudo apt-get install git It has a user called "deployer" (used with capistrano), and as such, it needs sudo privileges.
0 Comments
Leave a Reply. |