Help with Shell Script on sudo

I want to execute a script (generateReport.sh) which resides in the root home directory from a shell script (localtrigger.sh) as root by using sudo.

The thing is:
I can't edit /etc/sudoers (I can, but I'm not allowed to, ethically)
I can't change ownership of the generateReport.sh script

When I try to run the command

sudo ./generateReport.sh $1 $2 $3 $4 $5 $6

in the localtrigger.sh script

I get this error:

Sorry, user xyz is not allowed to execute './generateReport.sh' as root on usrdts.

I have no problem even if sudo asks for a password when I run localtrigger.sh.

Please help me out.

Thanks in advance.

You will need to edit /etc/sudoers to include the user information.

#/etc/sudoers - use visudo to edit the file
#without passwd
xyz  ALL= NOPASSWD:/full/path/to/generateReport.sh

#with passwd
xyz  ALL= PASSWD:/full/path/to/generateReport.sh

--ahamed
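An added pre-flight check, not part of ahamed's reply or the original thread: before a command rule like the `xyz  ALL= NOPASSWD:/full/path/to/generateReport.sh` line above is installed, confirm that the user being granted it cannot modify the script or replace any directory on its path. If they can (and later in this thread the poster says generateReport.sh was written by user xyz), the rule amounts to unrestricted root for that user, with or without a password. This is example shell code written for this page; it assumes GNU stat(1) on Linux, identifies the user by numeric uid, and takes an optional third argument as an assumed trust boundary above which the walk stops. The function names are chosen for the example.

```shell
#!/bin/sh
# Example, not from the thread: pre-flight check for a sudoers command rule.
# Assumes GNU stat(1). UID is numeric (id -u); TOP (optional, default /) is an
# assumed trust boundary: directories above it are not inspected.

# writable_by_uid FILE UID: exit 0 if UID could modify FILE (as owner, or via
# a group/world write bit), 1 if not, 2 if FILE cannot be stat'ed.
# Group membership is not resolved; any group write bit counts as writable,
# which errs on the side of rejecting the rule.
writable_by_uid() {
    owner=$(stat -c %u "$1" 2>/dev/null) || return 2
    mode=$(stat -c %A "$1")
    [ "$owner" = "$2" ] && return 0
    # In a sticky directory only an entry's owner may rename or remove it,
    # so its group/world write bits cannot be used to swap the path out.
    case $mode in d????????[tT]) return 1 ;; esac
    case $mode in ?????w*|????????w?) return 0 ;; esac
    return 1
}

# safe_sudo_target PATH UID [TOP]: exit 0 if PATH is absolute and neither
# PATH nor any directory between it and TOP is writable by UID.
safe_sudo_target() {
    path=$1; uid=$2; top=${3:-/}
    case $path in /*) ;; *) return 1 ;; esac      # sudoers wants a full path
    p=$path
    while :; do
        writable_by_uid "$p" "$uid" && return 1   # UID can modify this component
        [ $? -eq 1 ] || return 1                  # stat failed: reject as well
        [ "$p" = "$top" ] && return 0
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Usage (paths and user from the thread; the uid lookup is real id(1) syntax):
#   safe_sudo_target /full/path/to/generateReport.sh "$(id -u xyz)" && echo ok
```

The check is deliberately strict: a group write bit on any component is enough to reject, because sudo's rule does not know who is in that group, and a rejected rule is cheap to review by hand while an accepted bad one is a root escalation.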

Thanks for the reply.

Yes, I know;
I have tried it earlier and it works, but
this is not a solution I can implement due to some policies.

Do you know any other solution?

sudo is doing precisely what it's designed to do -- preventing users from running something as root unless properly authorized. If you're not permitted to edit sudoers, and you're not authorized, you're not authorized. If there was a way "around" this, it would be a gaping security hole needing to be fixed as soon as possible.

So, you'll need to use means that aren't sudo. Can you su or sudo su ?

If it were a binary program you could set it setuid and it would always run as root, but this doesn't work for shell scripts.

I do have privileges
to edit the sudoers file
to execute sudo su

and frankly I don't want to exploit any security hole, nor am I interested in finding one.

The thing is, this script generateReport.sh is going to execute in a production environment, and due to security policy we are requested not to edit the sudoers file.
I can't change ownership of that script.

Do you need any more information for finding an appropriate solution?
Please do tell. :)

And thanks for the reply.

If you can't use sudo and can't use su and can't use setuid, you're not going to be able to run it as root. They'd likely consider it circumventing their security rules in any case.

Why does the script need root? Maybe the permissions on whatever it needs can be altered so it doesn't.

Again, I really appreciate your help.

I can use sudo but cannot edit the sudoers file.

Here is a brief intro of the situation:
the script generateReport.sh is created by me (user xyz) and is kept in another user's (abc) home directory. OK.
The script wants to read some files which user abc has access to.

The current situation is that I execute the command

 sudo su - -s /bin/bash abc 

and then access the files.

I want to automate this process in a script,
so when I run

 sudo ./generateReport.sh $1 

it asks for my password, which I provide; then after logging in it produces the error specified in my 1st post. (user xyz executes the script as root on user abc)

I can talk with user abc for some changes if they are minor.

Normal file permissions are enough to do what you want.

Add both users to a group of your choosing. Make a new group if you want using groupadd.

User one does this:

chown :groupname file1 file2 file3
chmod g+r file1 file2 file3

The 'chmod' is probably optional, group-read may be set by default anyway.

User two will be able to read file1, file2, file3 without being root.

It's also possible to make a directory whose files will belong to a particular group by default:

$ mkdir directory
$ chown :groupname directory
$ chmod g+s directory
$ touch directory/asdf
$ ls -l directory
-rw-r--r-- 1 username groupname 0 Sep 13 18:03 asdf

As long as they don't create subdirectories inside it, files in it should always be accessible to anyone in groupname.

This is why they're so heavily discouraging using root: It isn't just dangerous and insecure, it's generally unnecessary. The only thing of all of that which needed elevated access was groupadd, which only needs running once.
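The procedure above, carried through as an added shell example (not code from the thread): a directory handed to a shared group with the setgid bit, files written into it under a umask that keeps group read but drops world access, and a check that a new file really did inherit the directory's group. It assumes GNU stat(1) on Linux and that the caller already belongs to the chosen group; the one-time groupadd/usermod step that needs root is not performed here, and the function names are chosen for this example.

```shell
#!/bin/sh
# Example, not from the thread: shared-group directory with setgid, plus
# checks. Assumes GNU stat(1) and that the caller is already a member of
# the group it picks (group creation/membership is the admin's one-time task).

# pick_shared_group: print a gid the current user belongs to, preferring a
# supplementary group over the primary one so inheritance is visible. Falls
# back to the primary group when the user has no other.
pick_shared_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then
            echo "$g"
            return 0
        fi
    done
    echo "$primary"
}

# setup_shared_dir DIR GROUP: give DIR to GROUP, set the setgid bit so new
# entries inherit GROUP, and allow only owner and group in (mode 2770).
setup_shared_dir() {
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&        # no root needed when the owner is in GROUP
    chmod 2770 "$1"           # drwxrws---
}

# create_report_file DIR NAME: write a file the way a report producer would,
# with umask 027 so it comes out group-readable and not world-readable.
create_report_file() {
    ( umask 027 && : > "$1/$2" )
}

# file_group FILE: numeric gid of FILE.
file_group() { stat -c %g "$1"; }

# group_can_read FILE / world_can_read FILE: test the r bit in the
# group (5th) and other (8th) column of the symbolic mode string.
group_can_read() { [ "$(stat -c %A "$1" | cut -c5)" = r ]; }
world_can_read() { [ "$(stat -c %A "$1" | cut -c8)" = r ]; }

# demo: run the whole sequence in a scratch directory and show both gids.
demo() {
    tmp=$(mktemp -d) || return 1
    grp=$(pick_shared_group)
    setup_shared_dir "$tmp/reports" "$grp" || return 1
    create_report_file "$tmp/reports" daily.txt || return 1
    echo "group $grp: dir gid $(file_group "$tmp/reports"), file gid $(file_group "$tmp/reports/daily.txt")"
    rm -rf "$tmp"
}
demo
```

The umask matters as much as the setgid bit: a producer running with umask 077 would create files the group cannot read even though they carry the right group, which is the usual reason a setup like this "stops working" for one user only.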