this post was submitted on 06 Jun 2024
4 points (66.7% liked)

linux4noobs

1331 readers
1 users here now

linux4noobs

Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.

Seeking Support?

Community Rules

founded 1 year ago
MODERATORS
PlutoParty@programming.dev
4
Make sudo command not need sudo? (sh.itjust.works)
submitted 4 months ago by Ponziani@sh.itjust.works to c/linux4noobs@programming.dev
12 comments fedilink hide all child comments
 

I would like to set a specific command to not require sudo privileges, is there a way to accomplish this? I know you can add commands to the sudoer file to allow certain commands to be used by non root accounts, so maybe there is something similar for adding commands to allow regular users to use?

you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 2 points 4 months ago* (last edited 4 months ago) (1 children)

So, you mean that you want specific users who don't have "sudo" in their list of supplemental groups in /etc/group to also be able to invoke specific commands with sudo, but not arbitrary ones? Sure, you can do that.

The line in /etc/sudoers in Debian that lets members of group "sudo" run arbitrary commands with "sudo" is this:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

But you can have individual users in there too. Here's an example of setting a specific user to being able to run the whoami command and apt command as root, without requiring a password to do so:

https://www.baeldung.com/linux/sudo-privileges-user

baeldung ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/whoami

If you're gonna modify /etc/sudoers, though, use visudo to do so:

$ sudo visudo
[–] Ponziani@sh.itjust.works 1 points 4 months ago (1 children)

Well my other comement saying this is exactly what i need did not get posted as a reply to your comment, my mistake. I followed rhe example for "/usr/bin/wg/" intending to be able to use

wg show

but it still requires sudo. I tried rebooting and nothing changed, any ideas? I did

type -a wg

to get the command location for the sudoer file.

[–] tal@lemmy.today 2 points 4 months ago (1 children)

Well my other comement saying this is exactly what i need did not get posted as a reply to your comment, my mistake.

What the line I listed will do will let a specific user have permission to use sudo without a password to run wg as root without a password. So they (and not other users) can type:

$ sudo wg

And the command will run as the root user, without them being prompted to enter a password.

It doesn't mean that when that user runs:

$ wg

In their shell, what will actually run is:

$ sudo wg

If you also want to avoid typing the extra characters, you can set up an alias in your shell.

I don't know what shell you're using, but most Linux systems use bash as a default:

 $ ps
    PID TTY          TIME CMD
1413558 pts/3    00:00:00 bash
1413640 pts/3    00:00:00 ps
$

If you're using bash, you can tell your current bash shell invocation to do that with the alias command:

$ wg
Unable to access interface wg0: Operation not permitted
$ alias wg='sudo wg'
$ wg
interface: wg0...

If you want that command run in every bash shell you invoke, you can do so by editing ~/.bashrc and adding the line:

alias wg='sudo wg'
[–] Ponziani@sh.itjust.works 2 points 4 months ago

Awesome now I understand what you and the other commenter were talking about with aliasing. Well this works perfect without the alias, many thanks