What is the syntax for using NOPASSWD and sudoedit at the same time in /etc/sudoers? I tried this:
john ALL=(ALL) NOPASSWD: sudoedit /path/to/file
but I still get prompted for a password.
Asked
Active
Viewed 1.2k times
3
-
If you have both NOPASSWD and non-NOPASSWD rules that apply, make sure they're in the right order. See How to run a specific program as root without a password prompt? – Gilles 'SO- stop being evil' Oct 25 '13 at 15:54
1 Answers
4
sudoers file
You should be able to do any of these.
Such as this:
john ALL=(ALL) NOPASSWD: sudoeditor this:
john ALL=(ALL) NOPASSWD: sudoedit /path/to/fileLastly you could do it like this too:
Cmnd_Alias SOMECMD = sudoedit /path/to/file john ALL=(ALL) NOPASSWD: SOMECMD
Once you have one of these definitions in place you invoke it like so:
sudoedit /path/to/file
Details
You don't need to invoke it with a sudo command prefix like this:
sudo sudoedit /pat/to/file
It takes care of the sudo automatically. It's equivalent to sudo -e /pat/to/file which will invoke an editor with elevated privileges.
excerpt from the sudo/sudoedit man page
-e The -e (edit) option indicates that, instead of running a command,
the user wishes to edit one or more files. In lieu of a command, the
string "sudoedit" is used when consulting the sudoers file. If the
user is authorized by sudoers the following steps are taken:
1. Temporary copies are made of the files to be edited with the
owner set to the invoking user.
2. The editor specified by the SUDO_EDITOR, VISUAL or EDITOR
environment variables is run to edit the temporary files.
If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first
program listed in the editor sudoers variable is used.
3. If they have been modified, the temporary files are copied
back to their original location and the temporary versions
are removed.
You can override the editor by setting one of the environment variables mentioned above with the name of an editor to use such as vim or gedit, for example.
slm
- 369,824
-
1From the manpage: The built-in command “sudoedit” is used to permit a user to run sudo with the -e option (or as sudoedit). It may take com‐ mand line arguments just as a normal command does. Note that “sudoedit” is a command built into sudo itself and must be specified in sudoers without a leading path. ... so I'd guess not, but I haven't tried it. – derobert Oct 25 '13 at 15:30
-
@derobert - thanks, I hadn't tried it either, so it was a suggested course to try, no guarantees. – slm Oct 25 '13 at 15:36
-
@slm: First suggestion doesn't work, and the second gives syntax error. :( – Pavel Tankov Oct 25 '13 at 15:53
-
-
Actually, I was wrong. Appears I didn't know things work in general. So, first, the following works:
`john ALL=(ALL) NOPASSWD: sudoedit /path/to/file`so you can change it back in your response. Sorry about that. What I thought was that sudoedit lets you use any editor of your preference, hence I made my tests with vi and it didn't work. What I tried was:
`vi /path/to/file`and also:
`echo foobar >> /path/to/file`and they didn't work, whereas I should have tried:
`sudoedit /path/to/file`which works.
– Pavel Tankov Oct 25 '13 at 20:54