# A user without sudo $ SUDO_ASKPASS=/bin/false sudo -A whoamiīib is not in the sudoers file. By setting it to /bin/false, we can get two standard responses based on whether the user can run sudo commands as root or not: # A user with sudo $ SUDO_ASKPASS=/bin/false sudo -A whoami 2>&1 The trick here is to take advantage of the askpass option of sudo which tries to use another program to validate the password. This should work, at least on Linux systems (haven't checked other sudo implementations): sudo_response=$(SUDO_ASKPASS=/bin/false sudo -A whoami 2>&1 | wc -l)Įcho "Unexpected sudo response: $sudo_response" >&2
RUN SUDO WITHOUT PASSWORD PASSWORD
I admit that I don't quite understand why you would want this and why you don't just run sudo whoami or something at the beginning of the script to immediately ask users for a password and exit if they cannot continue, but no matter. Whoami can be replaced by other command, that identifies who is running the script Therefore internally in the script I need the command to identify that type of non-root user - so the non-root users that can't not use sudo must be notified and stop the script execution.įor example: # an if statement about 'id -u' not equals a 0Ĭan_use_sudo=$( whoami) # so the non-root user Goal: only the non-root users - that can use sudo - can be able to execute some bash scripts. Or if exists other parameter such as sudo -k that does not ask for the password (of course it does other thing) or other command to accomplish my goal. Problem I want avoid the password prompt part. So until here there is a clear difference and the solution but because I am working with Bash Shell and I need use Command Substitution is_user_sudo=$(sudo -v) # if is empty sudo can be used otherwise not
If either it is valid or sudo's timeout is still valid it returns empty. If the user can use sudo then the sudo -v asks for the password. With sudo -v so far almost the solution happens the following:įor an user that does not have a configuration about sudoers the command returns Sorry, user may not run sudo on. Problem: so with this approach is not possible really know through a command know if the user can use sudo - the solution is only viable to know if the sudo's timeout is still valid or not. And if the user can use sudo and if the sudo's timeout is still valid - it returns 1, otherwise it returns 0 And if the user can use sudo -whether sudo was not executed in the session or the sudo's timeout expired - it prints again the sudo: a password is required message.Īdditionally, with the correct solution (but for the other scenario) $(sudo -n uptime 2>&1 | grep "load" | wc -l)įor an user without sudo permission always returns 0. Sudo - is there a command to check if I have sudo and/or how much time is left?įor a user that does not have a configuration through in sudoers - therefore impossible to use sudo - the execution of sudo -n always prints in the terminal the sudo: a password is required message.Choose any approach and I can explain it in more detail.I want to check if a user is able to use sudo - but without the need to write the password - for bash shell scripts purposes. See this answer for more details on /etc/sudoers.Īll the above allow passwordless root privilege, none require you to hardcode your password. As suggested, you can restrict such usage to specific commands, thus avoiding unlimited passwordless root priviledges in your account. policy file for your script with yes and drop at /usr/share/polkit-1/actionsĮdit /etc/sudoers to allow your user to use sudo without typing your password. Use Polkit for passwordless actions: Configure a. Use options user and noauto to let regular users mount that volume. If what you really want is a password-less mount for that volume, maybe sudo isn't needed at all! So may I suggest other approaches? If you really want to "practice to learn", why not practice using good solutions? Hardcoding your password is learning the wrong approach!
RUN SUDO WITHOUT PASSWORD HOW TO
Many answers focus on how to make your solution work, while very few suggest that your solution is a very bad approach.
0 kommentar(er)
