How can I execute any command as a normal user without sudo?

Question

Is it possible to assign the setuid bit to sudo in order to execute any command as a normal user?

Let's suppose that we have the user test and then:

test@test$ apt-get update

But I don't want to use sudo nor modify the sudoers file, is this possible using only the setuid bit?

Possible duplicate of https://unix.stackexchange.com/questions/18830/how-to-run-a-specific-program-as-root-without-a-password-prompt — Michael Freidgeim, Dec 20 '22 at 19:22

score 18 · Answer 1 · edited Jun 24 '23 at 03:58

18

If your account has sudo rights, then there's no need to mess with the suid bit. The following assumes Bash as your interactive shell, so you may have to modify steps 2&3 depending on what you use.

Add these to the end of /etc/sudoers

USERNAME HOST_NAME = (root) NOPASSWD: /usr/bin/apt-get
USERNAME HOST_NAME = (root) NOPASSWD: /usr/bin/shutdown

Add these to your ~/.bashrc

alias shutdown='sudo shutdown'
alias apt-get='sudo apt-get'

Reload the startup config for the current session.
```
$ source ~/.bashrc
```
Now you can run the commands as a normal user without being prompted for a root/sudo password (and therefore, eliminate the need to know the password altogether).
```
$ apt-get update
$ apt-get upgrade
$ shutdown -h now
```

edited Jun 24 '23 at 03:58

Pablo A

2,712

answered May 04 '20 at 19:44

1

IMHO this should be the accepted answer... – ScumCoder Jul 03 '21 at 15:13
1

@roaima Thanks for the correction. Edited my answer to reflect that. – May 19 '22 at 13:08
1

Instead of changing /etc/sudoers, I would put the additional lines in /etc/sudoers.d/local. Keeps the original file clean and doesn't break on updates. – doneal24 May 19 '22 at 14:28

Archemar · Answer 2 · 2021-02-18T14:17:20.860

16

Short answer: You can't execute arbitrary admin commands without either

a sudo, or
being root.

Long answer: You must either have NOPASSWD in /etc/sudoers, or log as root. See https://askubuntu.com/questions/147241/execute-sudo-without-password.

visudo

then add a line

username ALL=(ALL) NOPASSWD: ALL

As requested, if you want to run, as root, a specific binary file, you might use

chown root:wheel /usr/binary
chmod u+s /usr/binary

however, if program you want to run as root without sudo is a shell (or a python, awk, perl), you can't.

beware of pitfall, on my main ubuntu /usr/bin/shutdown is a link to /sbin/systemctl.

I would need to copy the later to the former before applying chmod/chown above.

edited Feb 18 '21 at 14:17

answered Apr 14 '16 at 14:37

Archemar

31,554

For security, you can also set the NOPASSWD argument for specific commands as user ALL=NOPASSWD: /sbin/poweroff, /sbin/reboot – Peschke Apr 15 '16 at 00:39
2

@Peschke but you still need to use sudo poweroff, sudo reboot. The OP wanted to get rid of the sudo part. – telcoM Sep 23 '19 at 21:58
@telcoM yep, the answer above covered that. My comment was just expanding the answer. – Peschke Sep 23 '19 at 22:10
@Peschke I see, my mistake, sorry about the noise then. – telcoM Sep 24 '19 at 07:05
Does this remove the need for sudo for any command? Otherwise, how to achieve the same, but for one specific command (or an arbitrary set of them)? – sancho.s ReinstateMonicaCellio Feb 18 '21 at 11:14
I don´t understand, from your answer (and even your last comment), how would you remove the need for sudo just for one command, say, pm-hibernate. Would you mind adding a specific example? Note: In my previous comment, "Otherwise, ..." should actually read "If so, ..." – sancho.s ReinstateMonicaCellio Feb 18 '21 at 13:43

How can I execute any command as a normal user without sudo?

2 Answers2

Linked