Run command with sudo by default












4















I need a linux user (lets call him "bob") who is allowed to run a list of commands which require root privileges. So let him be required to run /sbin/firstcommand and /sbin/secondcommand (which are part of the infamous bob-daemon¹) as root, as in sudo firstcommand. Without having to input a password.



This is what I've done to /etc/sudoers so far:



Cmnd_Alias BOBCOMMANDS = /sbin/firstcommand, /sbin/secondcommand
bob ALL=(root) NOPASSWD:BOBCOMMANDS


This leads to bob$ sudo firstcommand and bob$ sudo secondcommand successfully be run as root, but leaves no way to run i.e. bob$ sudo mount ... ..., even with providing a password, which feels perfect to me.



Now, I want the aforementioned bob-daemon¹ to run as user bob rather than root, because it only needs those privileges for the BOBCOMMANDS. In fact, whenever the bob$ firstcommand is issued, I want bob$ sudo firstcommand to be executed.



Looked to me like an alias could fix this: bob$ alias firstcommand="sudo firstcommand"; alias secondcommand="sudo secondcommand" actually worked, but I failed to make the aliases persistent without bob having a home directory.



The last thing I should mention is that this should be easily deployable to multiple machines, so I would prefer not to touch linux' existing system files, apart from having to create bob and changing sudoers.



Any solutions?





¹ simplified by me










share|improve this question
















bumped to the homepage by Community 10 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    4















    I need a linux user (lets call him "bob") who is allowed to run a list of commands which require root privileges. So let him be required to run /sbin/firstcommand and /sbin/secondcommand (which are part of the infamous bob-daemon¹) as root, as in sudo firstcommand. Without having to input a password.



    This is what I've done to /etc/sudoers so far:



    Cmnd_Alias BOBCOMMANDS = /sbin/firstcommand, /sbin/secondcommand
    bob ALL=(root) NOPASSWD:BOBCOMMANDS


    This leads to bob$ sudo firstcommand and bob$ sudo secondcommand successfully be run as root, but leaves no way to run i.e. bob$ sudo mount ... ..., even with providing a password, which feels perfect to me.



    Now, I want the aforementioned bob-daemon¹ to run as user bob rather than root, because it only needs those privileges for the BOBCOMMANDS. In fact, whenever the bob$ firstcommand is issued, I want bob$ sudo firstcommand to be executed.



    Looked to me like an alias could fix this: bob$ alias firstcommand="sudo firstcommand"; alias secondcommand="sudo secondcommand" actually worked, but I failed to make the aliases persistent without bob having a home directory.



    The last thing I should mention is that this should be easily deployable to multiple machines, so I would prefer not to touch linux' existing system files, apart from having to create bob and changing sudoers.



    Any solutions?





    ¹ simplified by me










    share|improve this question
















    bumped to the homepage by Community 10 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      4












      4








      4








      I need a linux user (lets call him "bob") who is allowed to run a list of commands which require root privileges. So let him be required to run /sbin/firstcommand and /sbin/secondcommand (which are part of the infamous bob-daemon¹) as root, as in sudo firstcommand. Without having to input a password.



      This is what I've done to /etc/sudoers so far:



      Cmnd_Alias BOBCOMMANDS = /sbin/firstcommand, /sbin/secondcommand
      bob ALL=(root) NOPASSWD:BOBCOMMANDS


      This leads to bob$ sudo firstcommand and bob$ sudo secondcommand successfully be run as root, but leaves no way to run i.e. bob$ sudo mount ... ..., even with providing a password, which feels perfect to me.



      Now, I want the aforementioned bob-daemon¹ to run as user bob rather than root, because it only needs those privileges for the BOBCOMMANDS. In fact, whenever the bob$ firstcommand is issued, I want bob$ sudo firstcommand to be executed.



      Looked to me like an alias could fix this: bob$ alias firstcommand="sudo firstcommand"; alias secondcommand="sudo secondcommand" actually worked, but I failed to make the aliases persistent without bob having a home directory.



      The last thing I should mention is that this should be easily deployable to multiple machines, so I would prefer not to touch linux' existing system files, apart from having to create bob and changing sudoers.



      Any solutions?





      ¹ simplified by me










      share|improve this question
















      I need a linux user (lets call him "bob") who is allowed to run a list of commands which require root privileges. So let him be required to run /sbin/firstcommand and /sbin/secondcommand (which are part of the infamous bob-daemon¹) as root, as in sudo firstcommand. Without having to input a password.



      This is what I've done to /etc/sudoers so far:



      Cmnd_Alias BOBCOMMANDS = /sbin/firstcommand, /sbin/secondcommand
      bob ALL=(root) NOPASSWD:BOBCOMMANDS


      This leads to bob$ sudo firstcommand and bob$ sudo secondcommand successfully be run as root, but leaves no way to run i.e. bob$ sudo mount ... ..., even with providing a password, which feels perfect to me.



      Now, I want the aforementioned bob-daemon¹ to run as user bob rather than root, because it only needs those privileges for the BOBCOMMANDS. In fact, whenever the bob$ firstcommand is issued, I want bob$ sudo firstcommand to be executed.



      Looked to me like an alias could fix this: bob$ alias firstcommand="sudo firstcommand"; alias secondcommand="sudo secondcommand" actually worked, but I failed to make the aliases persistent without bob having a home directory.



      The last thing I should mention is that this should be easily deployable to multiple machines, so I would prefer not to touch linux' existing system files, apart from having to create bob and changing sudoers.



      Any solutions?





      ¹ simplified by me







      sudo root alias privileges






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 1 '17 at 9:29









      SouravGhosh

      457311




      457311










      asked Oct 27 '14 at 23:43









      LDericherLDericher

      563




      563





      bumped to the homepage by Community 10 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 10 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          If this is for a daemon, the standard way of doing things is to put something like this in the init script file:



          USER=bob
          ...
          su -c '/command/to/start/actual/daemon' "$USER"


          In the script file that should be run as bob, just put sudo in front of the pertinent commands.



          Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).






          share|improve this answer


























          • Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

            – LDericher
            Oct 28 '14 at 12:07











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f164528%2frun-command-with-sudo-by-default%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          If this is for a daemon, the standard way of doing things is to put something like this in the init script file:



          USER=bob
          ...
          su -c '/command/to/start/actual/daemon' "$USER"


          In the script file that should be run as bob, just put sudo in front of the pertinent commands.



          Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).






          share|improve this answer


























          • Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

            – LDericher
            Oct 28 '14 at 12:07
















          0














          If this is for a daemon, the standard way of doing things is to put something like this in the init script file:



          USER=bob
          ...
          su -c '/command/to/start/actual/daemon' "$USER"


          In the script file that should be run as bob, just put sudo in front of the pertinent commands.



          Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).






          share|improve this answer


























          • Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

            – LDericher
            Oct 28 '14 at 12:07














          0












          0








          0







          If this is for a daemon, the standard way of doing things is to put something like this in the init script file:



          USER=bob
          ...
          su -c '/command/to/start/actual/daemon' "$USER"


          In the script file that should be run as bob, just put sudo in front of the pertinent commands.



          Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).






          share|improve this answer















          If this is for a daemon, the standard way of doing things is to put something like this in the init script file:



          USER=bob
          ...
          su -c '/command/to/start/actual/daemon' "$USER"


          In the script file that should be run as bob, just put sudo in front of the pertinent commands.



          Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 23 '17 at 12:39









          Community

          1




          1










          answered Oct 28 '14 at 0:37









          Joseph R.Joseph R.

          28.5k375116




          28.5k375116













          • Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

            – LDericher
            Oct 28 '14 at 12:07



















          • Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

            – LDericher
            Oct 28 '14 at 12:07

















          Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

          – LDericher
          Oct 28 '14 at 12:07





          Actually, the daemon handles user switching itself - started up as root, it does some bootstraps before forking and continuing to run as bob. Plus, I did not create the daemon and would like to avoid patching it for the sake of updatability …

          – LDericher
          Oct 28 '14 at 12:07


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f164528%2frun-command-with-sudo-by-default%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Loup dans la culture

          How to solve the problem of ntp “Unable to contact time server” from KDE?

          ASUS Zenbook UX433/UX333 — Configure Touchpad-embedded numpad on Linux