sudo is doing precisely what it's designed to do -- preventing users from running something as root unless properly authorized. If you're not permitted to edit sudoers, and you're not authorized, you're not authorized. If there was a way "around" this, it would be a gaping security hole needing to be fixed as soon as possible.
So, you'll need to use means that aren't sudo. Can you su or sudo su ?
If it was a binary program you could set it setuid and it'd always run as root, but this doesn't work for shell scripts.
i do have priviledges
to edit sudoers file
to execute sudo su
and frankly i dont want to exploit any security hole nor interested in finding one.
The thing is this script reportGenerate.sh is going to execute in production env. and due to security policy we are requested not to edit sudoers file.
i cant change ownership of that script.
do u need any more information for finding a appropriate solution.
please do tell..
If you can't use sudo and can't use su and can't use setuid, you're not going to be able to run it as root. They'd likely consider it circumventing their security rules in any case.
Why does the script need root? Maybe the permissions on whatever it needs can be altered so it doesn't.
here is brief intro of situation
the script generateReport.sh is created by me (user xyz) and is kept in another user ( abc ) home directory. ok .
the script want to read some files which abc users have access to.
the current situation is i execute command
sudo su - -s /bin/bash abc
and then access the files
i want to automate this process in script
so when i
sudo ./generateReport.sh $1
it asks my password which i provide then after logging in it produces error as specified in my 1st post. ( user xyz execute script as root on user abc )
i can talk with user abc for some changes if they are minor.
As long as they don't create subdirectories inside it, files in it should always be accessible to anyone in groupname.
This is why they're so heavily discouraging using root: It isn't just dangerous and insecure, it's generally unnecessary. The only thing of all of that which needed elevated access was groupadd, which only needs running once.