I would like to set a specific command to not require sudo privileges, is there a way to accomplish this? I know you can add commands to the sudoer file to allow certain commands to be used by non root accounts, so maybe there is something similar for adding commands to allow regular users to use?

  • Ferk@programming.dev
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    6 months ago

    What do you mean by “not require sudo privileges”?

    Do you mean not require root permissions? that depends on what are you trying to do. You’ll need to make changes in your system to allow normal users to have permissions for it, and in many cases that’s not possible (or very safe).

    If what you mean is that you don’t want to need to type"sudo" every time, but still be able to have the commands run with root permissions, then there’s multiple ways to do this:

    • Add an alias such as alias command='sudo command'. If you don’t want to type the password, you can change the sudores file so that your user doesn’t need to enter a password when running sudo for that command (someone else in the comments already explained how to do that, using an entry with NOPASSWD: /usr/bin/command in the sudoers config).

    • alternatively: set the SUID bit of the executable you want to run, so that every time the file is executed (by anyone) it will always execute as the user who owns the file (so if the owner is root, the file will always be executed as root)… this is not something I’d recommend though, since it can lead to security vulnerabilities.

    • tal
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      since it can lead to security vulnerabilities.

      Most software isn’t written to be hardened for that kind of invocation.

      Also, IIRC you can also do the same thing with the sgid bit.

      goes to check

      Yeah.

      $ mkdir test
      $ cd test
      $ cp /bin/id ./
      $ ls -ln id
      -rwxr-xr-x 1 1000 1000 48144 Jun  6 10:56 id
      $ ./id -g
      1000
      $ sudo chgrp 1001 id 
      $ sudo chmod g+s id 
      $ ./id -g
      1001
      $ ./id -gr
      1000
      $ 
      
      • Ferk@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        6 months ago

        True, SGID would affect the group it runs as, while SUID affects the user.

        You could set up things so that a group has permissions to do what you want, instead of the root user. But then this also depends on the usecase, I’m not sure if having root group permissions would be enough in all cases.