Add a sudoer non-interactively from command line

linux centos docker sudo sudoers
17,171

Solution 1

You could use cat to append text to the end of /etc/sudoers. First, make a backup copy of your /etc/sudoers file. Then:

cat >> /etc/sudoers
...type one or more lines here...
[control-D]

Make absolutely sure to use two greater-than characters (>>) and not just one, or else you will overwrite the entire contents of your file.

Solution 2

I had a similar issue trying to get my docker container to allow jenkins scripts to use sudo commands without prompting for a password.

This was solved via the Dockerfile:

RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

Solution 3

To be able to do that, you should make sure you have the following line in your sudoers file:

%sudo   ALL=(ALL:ALL) ALL

You can customize the above line to change the permissions just as though %sudo was a user. That line will allow any users in the sudo group to use sudo.

Now to allow <username> to use sudo, you can just do usermod -a -G sudo <username> as root, which adds <username> to the sudo group.

Solution 4

Here's how I setup a non-root user with the base image of ubuntu:18.04:

RUN \
    groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \
    sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
    echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
    echo "Customized the sudoers file for passwordless access to the foo user!" && \
    echo "foo user:";  su - foo -c id

What happens with the above code:

  • The user and group foo is created.
  • The user foo is added to the both the foo and sudo group.
  • The uid and gid is set to the value of 999.
  • The home directory is set to /home/foo.
  • The shell is set to /bin/bash.
  • The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.
  • The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.

Solution 5

A common arrangement for appending to files which require privileged access is to use tee. Its primary purpose, of course, is to write to two places, but you can discard one of them and use the side effect that sudo tee -a gives you privileged append.

So, something like

printf 'you ALL=(ALL:ALL) ALL\n' | sudo tee -a /etc/sudoers >/dev/null

I will concur with the comments to add the user to the sudoers group instead to solve this particular problem.

Share:
17,171

Related videos on Youtube

Roy Truelove
Author by

Roy Truelove

Updated on September 18, 2022

Comments

  • Roy Truelove
    Roy Truelove over 1 year

    (On Centos through Docker)

    I know that I can add a sudoer using visudo. Is there a way to add a user to the sudoer list straight from the command line, so I don't have to do it interactively?

    I'm asking because I'm trying to provision my Docker centos container which doesn't play with interactivity.

  • Alexander Mills
    Alexander Mills over 7 years
    how is this "non-interactively"? and why is this answer accepted?
  • mhucka
    mhucka over 7 years
    The OP asked for a way to do it from the command line, without using an editor such as visudo. I believe they meant "interactive" in the sense of using an editor; thus, this is "non-interactive" because this approach does not require an editor. (Obviously, a person will still have to type the user names somehow, so there is no getting around that part.) As for why it was accepted, well, I guess it must have addressed the OP's question well enough that they were satisfied.
  • Alexander Mills
    Alexander Mills over 7 years
    ok, to me interactive means anything requiring live user-input. Editor or command line. Semantics I guess. thanks.
  • mhucka
    mhucka over 7 years
    What you say makes sense too – the expression is ambiguous enough that people usually need to say something more to clarify their intentions. I took a guess, but could easily have been wrong. In practical terms, what I wrote above could be written into a script file (e.g., an sh script); what TemporalWolf wrote is what goes into a script file. And honestly, considering that the OP's question was specifically about Docker, I think TemporalWolf's answer might actually be a better one.
  • Dessa Simpson
    Dessa Simpson about 6 years
    @AlexanderMills You're right that this is interactive, but it can easily be tweaked to become non-interactive.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Regex in Sudoers File?
how to make non root user as sudo user in docker alpine image?
How to install docker 1.9+ in CentOS 6.5?
How to avoid "root is not allowed to run sudo"?
"Wrapper" ssh script freezes when executing remote command
Whitelisting commands a user can use with sudo
Can someone explain what is `<user> ALL=(ALL) NOPASSWD:ALL` does in sudoers file?
`sudo adduser username admin` leads to `adduser: The group `admin' does not exist.`
symlink and sudo executable
'user is not in the sudoers file' but actually is