I am looking for an alternative for sudo in linux, where i need not type the password.
OR is there any other version of 'growisofs', which can be executed under sudo??? As currently 'growisofs' refuses to start under sudo...
Thanks in advance
Check the man page for sudoers for the NOPASSWD modifier, which allows you to run certain commands without a password. Example:
youruser ALL = (root) NOPASSWD: /usr/bin/growisofs
You can try to use ssh with a public key like:
ssh root@localhost growisofs
To do this, you must create a public/private key pair for the user who should be allowed to ssh into the root account and then put the public key into root's authorized_keys file. You may restrict this key to execute only growisofs by writing
command="growisofs" ...
in front of the public key in root's authorized_keys file. You also have to allow root login in the sshd_config file
PermitRootLogin yes
ssh root@localhost growisofs
Above command asked for the password and password is not set on my machine. Without entering password, i presses enter but "Permission denied" message is shown. So how can i handle this?
Looking forward for reply,
Thanks in advance
Does it ask for the root password or is your RSA key protected by a passphrase.
If the following command asks for a password, then your private key is protected with a passphrase.
ssh-keygen -y -f /path/to/your/private-key
In this case you need to create another key without passphrase and use this to login into the root account or remove the passphrase from the existing key.
If this is not the problem, then please check, that your public key in root's authorized_keys file is entered in a single line. This is a common problem with copy-and-pasting a key resulting in two or more lines in the authorized_keys file.
Just a question: why use SSH and public key authentication to create a password-less connection to the local host in order to run a program as root, losing all environment variables and other settings, if sudo lets you retain all that in a much simpler way? Or is there a certain reason you didn't pick up on my explanation above?
ssh root@localhost growisofs
Do i need to first generate private key before giving above command? If yes, then how can we generate private key? If not then how can we determine the path to private-key?
how can we create another key without passphrase? and where root's authorized_keys file and sshd_config file is located?
looking forward for reply,
Thanks in advance
---------- Post updated at 07:39 AM ---------- Previous update was at 07:36 AM ----------
pludi,
I followed the steps u told, but it is not working....
can u tell me alternate way or any additional thing to do?
@Pludi: growisofs does not run under sudo by design for security reasons, because it can be abused to execute arbitrary programs with elevated privileges, as stated in the man page.
Define "it's not working". What error message are you getting (if any)?
Example sudoers entry:
pludi ALL = (root) NOPASSWD: /usr/bin/id
Usage:
$ sudo -l
User pludi may run the following commands on this host:
(ALL) ALL
(root) ALL
(root) NOPASSWD: /usr/bin/id
$ id
uid=1002(pludi) gid=100(users) groups=10(wheel),16(dialout),33(video),100(users)
$ sudo id
uid=0(root) gid=0(root) groups=0(root)
$ sudo /bin/echo Test
pludi's password:
Test
---------- Post updated at 15:00 ---------- Previous update was at 14:57 ----------
True, didn't see that, thanks for pointing it out. But in the same section it presents a wrapper script that can be used in place of the real executable, as well as the recommendation to change it to SUID, as it will drop the privileges itself. That way, neither sudo nor ssh are needed.
I'm not sure if the suid bit is the best way to go, because the next update-rpm might change the access rights back to the Redhat default which seems to be not suid.
pludi,
it is not giving any error message, but not giving required out put. and still 'growisofs' need to switch user by su.
can u tell me any other way or any additional thing in this method to solve this problem?
A different way to solve the problem would be to set the setuid mode bit on the executable:
sudo chmod u+s /usr/bin/growisofs
That gives the executable the ability to set it's UID to root regardless of which user is executing it. After that, you don't even need sudo.
Some frown on this as a security hole. I guess a criminal could figure out how to execute that program to get elevated privileges and then do something bad. But it's an option.
growisofs will work under sudo if you unset the SUDO_COMMAND variable.