I’m using Amazon Linux. If I log in as my “otheruser” user and create a script, test.sh, with this text

sleep 5 ; sudo reboot now

I can log in and run the script like so …

[davea@mydevbox ~]$ sudo su - otheruser
[sudo] password for davea: 
Last login: Wed Apr 20 21:18:48 UTC 2016 on pts/0
[otheruser@mydevbox ~]$ sh test.sh 
[otheruser@mydevbox ~]$ 
Broadcast message from davea@mydevbox.springboardonline.org
    (/dev/pts/0) at 21:19 ...

The system is going down for reboot NOW!

However if I change the contents of the script to be

sudo service jboss restart

and then I run the script, I’m prompted for a password …

[davea@mydevbox ~]$ sudo su - otheruser
[sudo] password for davea: 
Last login: Wed Apr 20 21:09:03 UTC 2016 on pts/0
[otheruser@mydevbox ~]$ sh test.sh 
[sudo] password for otheruser: 

I would like the second sequence to be like the first in that I’m not prompted for a password the second time. How can I do this?

Jeff Schaller
Dave
  • Do you control the sudoers file? It sounds like you have a rule that says "don't prompt for a passwd (NOPASSWD) for 'reboot now'", and the fix would be to do the same for 'service jboss restart' – Jeff Schaller Apr 21 '16 at 13:17
  • Ah indeed that was the very issue. Great work spotting that with the little information I gave. – Dave Apr 21 '16 at 13:39
  • Glad it was an easy fix, and welcome to the U&L site! I'll be voting to close this Q as it's very similar to others we have on the site. – Jeff Schaller Apr 21 '16 at 13:42
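
The fix described in the comments, as an added example that is not part of the original thread: a shell helper that builds a NOPASSWD rule limited to one exact command line and validates it with visudo before installing it as a drop-in. The path /sbin/service (confirm with `command -v service`), the drop-in name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: make_rule, install_rule,
# the drop-in file name, and /sbin/service as the location of "service".

# Print one sudoers rule letting USER run exactly "CMD ARGS" as root without
# a password. Anything that would widen the rule is refused.
make_rule() {
    user=$1; cmd=$2; shift 2
    case $cmd in
        /*) ;;    # sudoers matches commands by absolute path
        *)  echo "command must be an absolute path" >&2; return 1 ;;
    esac
    # Wildcards and sudoers metacharacters would turn one command into many.
    case "$user $cmd $*" in
        *\**|*\?*|*\[*|*,*|*:*|*=*|*\\*)
            echo "wildcards/metacharacters are not allowed" >&2; return 1 ;;
    esac
    # A command listed with no arguments may be run with ANY arguments.
    [ "$#" -gt 0 ] || { echo "list the exact arguments" >&2; return 1; }
    printf '%s ALL=(root) NOPASSWD: %s %s\n' "$user" "$cmd" "$*"
}

# Write the rule to a temp file, syntax-check it, then install it with the
# ownership and mode sudo expects. A broken file in /etc/sudoers.d can stop
# sudo from working at all, so nothing is installed unless visudo accepts it.
# Run as root.
install_rule() {
    dest=/etc/sudoers.d/$1; shift
    tmp=$(mktemp) || return 1
    rc=0
    if make_rule "$@" > "$tmp" && visudo -cf "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "$dest" || rc=1
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):
#   install_rule jboss-restart otheruser /sbin/service jboss restart
# Verify what the account may now run:
#   sudo -l -U otheruser
```

With this rule in place, `sudo service jboss restart` runs without a prompt, while `sudo service jboss stop` or any other service name still asks for a password.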

1 Answer

Another approach is to configure PolicyKit to allow members of a particular group to reboot; that is, being authorised directly, thus avoiding the whole question of satisfying authentication to gain the superuser's authorisation.

Create a file /etc/polkit-1/localauthority/50-local.d/50-local.pkla and add a clause like:

[Allow reboot by booters group]
Identity=unix-group:booters
Action=org.freedesktop.consolekit.system.restart-multiple-users
ResultAny=yes

Then run the job from a user with membership of that group.

vk5tu