Add a sudoer non-interactively from command line
Solution 1
You could use cat
to append text to the end of /etc/sudoers
. First, make a backup copy of your /etc/sudoers
file. Then:
cat >> /etc/sudoers
...type one or more lines here...
[control-D]
Make absolutely sure to use two greater-than characters (>>
) and not just one, or else you will overwrite the entire contents of your file.
Solution 2
I had a similar issue trying to get my docker container to allow jenkins scripts to use sudo commands without prompting for a password.
This was solved via the Dockerfile:
RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Solution 3
To be able to do that, you should make sure you have the following line in your sudoers
file:
%sudo ALL=(ALL:ALL) ALL
You can customize the above line to change the permissions just as though %sudo
was a user.
That line will allow any users in the sudo
group to use sudo
.
Now to allow <username>
to use sudo
, you can just do usermod -a -G sudo <username>
as root, which adds <username>
to the sudo
group.
Solution 4
Here's how I setup a non-root user with the base image of ubuntu:18.04
:
RUN \
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
echo "Customized the sudoers file for passwordless access to the foo user!" && \
echo "foo user:"; su - foo -c id
What happens with the above code:
- The user and group
foo
is created. - The user
foo
is added to the both thefoo
andsudo
group. - The
uid
andgid
is set to the value of999
. - The home directory is set to
/home/foo
. - The shell is set to
/bin/bash
. - The
sed
command does inline updates to the/etc/sudoers
file to allowfoo
androot
users passwordless access to thesudo
group. - The
sed
command disables the#includedir
directive that would allow any files in subdirectories to override these inline updates.
Solution 5
A common arrangement for appending to files which require privileged access is to use tee
. Its primary purpose, of course, is to write to two places, but you can discard one of them and use the side effect that sudo tee -a
gives you privileged append.
So, something like
printf 'you ALL=(ALL:ALL) ALL\n' | sudo tee -a /etc/sudoers >/dev/null
I will concur with the comments to add the user to the sudoers
group instead to solve this particular problem.
Related videos on Youtube
Roy Truelove
Updated on September 18, 2022Comments
-
Roy Truelove over 1 year
(On Centos through Docker)
I know that I can add a sudoer using
visudo
. Is there a way to add a user to the sudoer list straight from the command line, so I don't have to do it interactively?I'm asking because I'm trying to provision my Docker centos container which doesn't play with interactivity.
-
Alexander Mills over 7 yearshow is this "non-interactively"? and why is this answer accepted?
-
mhucka over 7 yearsThe OP asked for a way to do it from the command line, without using an editor such as
visudo
. I believe they meant "interactive" in the sense of using an editor; thus, this is "non-interactive" because this approach does not require an editor. (Obviously, a person will still have to type the user names somehow, so there is no getting around that part.) As for why it was accepted, well, I guess it must have addressed the OP's question well enough that they were satisfied. -
Alexander Mills over 7 yearsok, to me interactive means anything requiring live user-input. Editor or command line. Semantics I guess. thanks.
-
mhucka over 7 yearsWhat you say makes sense too – the expression is ambiguous enough that people usually need to say something more to clarify their intentions. I took a guess, but could easily have been wrong. In practical terms, what I wrote above could be written into a script file (e.g., an sh script); what TemporalWolf wrote is what goes into a script file. And honestly, considering that the OP's question was specifically about Docker, I think TemporalWolf's answer might actually be a better one.
-
Dessa Simpson about 6 years@AlexanderMills You're right that this is interactive, but it can easily be tweaked to become non-interactive.