4

Is it a bad practice to run a command which requires sudo in ~/.profile?

If really want to do that, how can I make the command run at rebooting Ubuntu?

  • make the command running with sudo and under my user account not require password, by editing /etc/sudoers?

  • provide my password in the command with sudo in ~/.profile, by echo <passwd> | sudo -S <mycommand>?

I haven't verified if the first way works, because I am still learning how to do it.

The second way seems to raise serious security concern, and probably the least way I want to go.

Thanks.

Tim
  • 101,790

1 Answers1

5

If you put the command in your ~/.profile, it will run every time you launch a login shell. Some terminal emulators allow you to use a login shell for each terminal window. Do you want your command running that often?

If you want to be allowed to use sudo for that command without entering a password, use the visudo command with sudo visudo (or, to use your favourite editor, use sudo -E visudo).
DO NOT EDIT /etc/sudoers DIRECTLY.

Add a line like this:

tim  ALL=(ALL) NOPASSWD: /path/to/my/command

The order is important in the sudoers file, so add it below this line: root ALL=(ALL:ALL) ALL

However, if you only want it to run when your system starts up, add it to /etc/rc.local and you don't have to worry about sudo.

glenn jackman
  • 85,964
  • Thanks! Curious why "DO NOT EDIT /etc/sudoers DIRECTLY"? How differently does visudo work from editing the file directly? – Tim Apr 01 '18 at 14:36
  • 1
    @Tim From man visudo: "visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.". You definitively do not want /etc/sudoers get corrupted, recovering from such a situation is a hassle. – nohillside Apr 01 '18 at 14:38
  • @patrix Thanks. I am probably not going to try the dangerous sudoers way. May I still ask about it? If the command I want to run in ~/.profile is a bash script which contains a command which needs root privillege, do I need to add both the script and the command in it to /etc/sudoers, or just the script? – Tim Apr 01 '18 at 15:03
  • Just the script. Once you launch the script with elevated privs, commands called from it have the same privs. – glenn jackman Apr 01 '18 at 15:25
  • But, how often do you need to run this command? Once at startup or every login shell? – glenn jackman Apr 01 '18 at 15:25
  • I would like to run a script (which scales down cpu frequencey) once at start up, but adding it to /etc/rc.local doesn't work (the script doesn't do its job or its work is undone, when booting Ubuntu,). Moreoever, the work done by the script running in an interactive nonlogin shell is undone whenever I suspend and wake up Ubuntu. Specifically, the script contains echo 1600000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed. See https://unix.stackexchange.com/questions/419910/ and https://unix.stackexchange.com/q/434740/674 – Tim Apr 01 '18 at 15:43
  • That is a very specific question, unlike the general one which you replied here. It is always nice to know the general case. – Tim Apr 01 '18 at 15:44
  • rc.local is obsolete since 1983 according to documentation. I just found this funny – br4nnigan Aug 22 '23 at 14:07