I'm in the process of fixing a script which fails because it invokes sudo in an environment without a pty which has a sudoers file defining Default requiretty.

The script is executed by root and uses sudo to call binaries which depend on being executed by specific users, so my solution was to replace those sudo calls with su.

Now I want to test my modifications, but I have a hard time reproducing the environment where sudo failed:

  • I can access the machine through another user, then log in as root with sudo su -. I don't know root's password.

  • I know how to access the machine without a pty with ssh -T, but then I can't log in as root anymore because sudo fails.

How could I get a root shell without a pty?

Aaron
  • Just for testing, can you edit your sudoers file so that one of your users can run sudo su without entering a password, using the NOPASSWD directive? If you do this and then ssh -T, you may be able to use sudo su to become root without getting a PTY. – Jeremy Dover Jun 15 '17 at 11:59
  • It is possible to make exceptions from default requiretty, if you are allowed to do so. https://unix.stackexchange.com/questions/79960/how-to-disable-requiretty-for-a-single-command-in-sudoers – VPfB Jun 15 '17 at 12:09
  • I would have preferred to avoid editing any configuration on the machine, but I guess removing the requiretty constraint on sudo su - or making it NOPASSWD should do the trick. I will try this out. – Aaron Jun 15 '17 at 12:12
  • Are you on a Redhat system? They used to ship sudoers with default requiretty, but recently changed that: https://bugzilla.redhat.com/show_bug.cgi?id=1196451. Maybe that helps you in deciding. – VPfB Jun 15 '17 at 12:24
  • Yes, that's a RHEL 6.6. The problem is that the script is executed on a wide array of machines including a good amount of such installs, and I can't expect every machine to change its sudoers conf. Thanks for the bug report anyway, in particular because it points out that NOPASSWD won't work – Aaron Jun 15 '17 at 12:27

1 Answer

First thing I'd try is to execute your script with at or cron.

Example:

at now <<< "sudo echo 'This will fail if sudoers requiretty' 2>/tmp/stderr >/tmp/stdout" 
dirkt
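Related to the question and comments above, an added example (not part of the original post or answer): a small sudoers scanner that tells a script whether requiretty is in force on a host and which per-user or per-command exceptions exist. The sample sudoers text and the /usr/local/bin/report path are constructed; entries whose user or command list contains spaces and lines continued with a backslash are assumed absent.

```shell
#!/bin/sh
# Added example. Reads sudoers-format text on stdin and prints one line per
# requiretty setting found: "<scope> <on|off>". Scope is "global" for a plain
# Defaults line, otherwise the qualifier as written (":user", "!/path/cmd",
# "@host", ">runas").
requiretty_entries() {
    awk '
        /^[ \t]*#/ { next }                  # comments and #include lines
        /^[ \t]*Defaults/ {
            line = $0
            sub(/^[ \t]*Defaults/, "", line)
            scope = "global"
            if (line ~ /^[:!@>]/) {          # qualified entry, e.g. Defaults!/cmd
                match(line, /^[^ \t]+/)
                scope = substr(line, 1, RLENGTH)
                line = substr(line, RLENGTH + 1)
            }
            n = split(line, opts, ",")       # one Defaults line may set several flags
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o == "requiretty")  print scope, "on"
                if (o == "!requiretty") print scope, "off"
            }
        }'
}

# Effective global setting. Among Defaults entries of the same type the last
# one wins, and requiretty is off when it is never mentioned.
global_requiretty() {
    requiretty_entries | awk '
        $1 == "global" { v = $2 }
        END { if (v == "") v = "off"; print v }'
}

# Constructed sample in the style of a RHEL 6 sudoers file, plus one
# per-command exception of the kind discussed in the comments.
SAMPLE_SUDOERS='Defaults    requiretty
# Defaults !requiretty
Defaults    env_reset, !visiblepw
Defaults!/usr/local/bin/report !requiretty
root    ALL=(ALL)   ALL'

printf '%s\n' "$SAMPLE_SUDOERS" | requiretty_entries
printf 'global requiretty: %s\n' "$(printf '%s\n' "$SAMPLE_SUDOERS" | global_requiretty)"
```

On a real host, run it as root and feed it /etc/sudoers instead of the sample text.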