sudo -u user1 command ...

How can I make sudo ask the password of user1 instead of the password of the current user?


Background: I want to use this in a Git Hook that is executed by the user git, something like

echo "PasswordOfWww" | sudo -Su www bash -c "cd site; git pull; ./deploy.sh"

I've tried using su www -c "command ..." but it tells me

remote: su: must be run from a terminal

when I push to the repository.

Niklas R
    Possible duplicate of https://unix.stackexchange.com/questions/7747/is-it-possible-to-su-without-being-prompted-for-a-password "Is it possible to su without being prompted for a password?", where a solution using expect is offered. – steve Apr 24 '17 at 20:42
  • If you want the password of the user being switched to rather than the one being switched from, use su. – DopeGhoti Apr 24 '17 at 21:17

1 Answer


You don't really want to store any user's password unencrypted in the filesystem if you can avoid it. It depends a little on how much you're relying on the portability of the code you have in git vs. what you can store on the local filesystem. I'd recommend using sudo with NOPASSWD with as restricted a command as you can. You'd make a /etc/sudoers entry something like:

git ALL=(www) NOPASSWD: /usr/local/sbin/deploySite

Where deploySite has various checks in it to make sure the user is going into the correct directory and the deploy.sh script doesn't have anything sketchy in it.

If you trust user git to use user www's account responsibly, you can use NOPASSWD:ALL. But you're basically allowing whoever has access to upload to git access to run any command they want as user www.

But to answer the original question:

You can have sudo ask for the target user's password rather than the calling user. You'd put a sudoers entry like:

Defaults:git targetpw

Then user git will have to type the password of user www when he runs sudo -u www ....

  • My Git server is not currently used by multiple users, but if it were, I would not want anyone else but myself to be able to execute the command from the repository and Git Hook that I specify. Thus, the only way I can think of is putting the password in plain text into the Git hook. I see that both your answer and my approach of going for a password in plain text have their advantages and disadvantages. – Niklas R Apr 24 '17 at 21:02
  • Ok, technically, the Git hook could start an arbitrary program and upload all other, even private repositories, to another server, so, I guess it's not a very protective environment anyway. – Niklas R Apr 24 '17 at 21:03
  • One of the things I'm saying is I think it's always better to use NOPASSWD than to store the password. If you use NOPASSWD, then the sudo -u www command won't ask for a password if it's an allowed command. If you try to pass the password to sudo (which you generally can't), then you have the password file lying around your filesystem, any backups, the process table when the command runs, and anyone who got it could use it to log into the machine remotely. To set NOPASSWD just means anyone already logged in as git could run one or a list of commands as www. – Eric Hattemer Apr 25 '17 at 23:39
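The restricted deploySite wrapper the answer describes (one sudoers rule that permits only this command, with the checks inside the command itself), written out as an added example that is not part of the answer or the original post; the /var/www/sites layout, the site-name argument, and stat -c (GNU coreutils) are assumptions:

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/deploySite, invoked by the git hook as:
#   sudo -u www /usr/local/sbin/deploySite <site-name>
# The sudoers rule "git ALL=(www) NOPASSWD: /usr/local/sbin/deploySite"
# allows only this path, so every argument check has to live here.

SITES_ROOT="${SITES_ROOT:-/var/www/sites}"   # assumed layout: one checkout per site

# Accept only a plain site name: no slashes, no "..", no leading dot, no empty string.
valid_site_name() {
    case "$1" in
        ''|*/*|*..*|.*)      return 1 ;;
        *[!A-Za-z0-9_-]*)    return 1 ;;
    esac
    return 0
}

# The site directory must be a real directory (not a symlink) under SITES_ROOT
# and contain a .git directory, so "git pull" acts on the expected checkout.
valid_site_dir() {
    dir="$SITES_ROOT/$1"
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ -d "$dir/.git" ]
}

# deploy.sh must be a regular file, not a symlink, and not group/world-writable,
# so whoever can push to the repository cannot swap in a different script.
valid_deploy_script() {
    script="$SITES_ROOT/$1/deploy.sh"
    [ -f "$script" ] && [ ! -L "$script" ] || return 1
    mode=$(stat -c '%a' "$script" 2>/dev/null) || return 1   # GNU stat assumed
    # last two octal digits are group and other; 2,3,6,7 carry the write bit
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Run the checks in order and only then pull and deploy.
deploy_site() {
    site="$1"
    valid_site_name "$site"     || { echo "deploySite: bad site name" >&2; return 2; }
    valid_site_dir "$site"      || { echo "deploySite: not a site checkout" >&2; return 2; }
    valid_deploy_script "$site" || { echo "deploySite: deploy.sh missing or writable by others" >&2; return 2; }
    cd "$SITES_ROOT/$site" && git pull --ff-only && ./deploy.sh
}

# Only deploy when executed as the installed wrapper; sourcing just defines the functions.
case "$0" in
    *deploySite) deploy_site "$1" ;;
esac
```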