execute shell script without entering password


Change the line in the sudoers file to:

kf   ALL=(ALL) NOPASSWD: /sbin/fstrim

I don't recommend adding the script in /etc/sudoers, because the script can be altered and every command (the whole script) would then be executed with root privileges.


Author: kasper Taeymans

Updated on September 18, 2022

Comments

  • kasper Taeymans
    kasper Taeymans over 1 year

    I want to execute a script that requires root privileges without entering a password. There are similar questions/answers but none seem to work for me.

    I placed my script in /home/kf/bin (I added the bin dir myself) and included this directory in my path so I can run it from everywhere.

    The script: trim.sh:

    #! /bin/sh
    sudo fstrim -v /
    

    I changed the ownership of the script to root:

     sudo chown root:root /home/kf/bin/trim.sh
    

    and made it executable

    sudo chmod 700 /home/kf/bin/trim.sh
    

    next I added a line to my sudoers file with visudo:

    kf   ALL=(ALL) NOPASSWD: /home/kf/bin/trim.sh
    

    When I log in again and execute the script with trim, I still need to enter my password. I know I can make a cron for this but I also want to be able to execute the script manually without entering my password. Any help appreciated.

    edit:

    My sudoers file looks like this:

    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    
    root    ALL=(ALL:ALL) ALL
    kf   ALL=(ALL) NOPASSWD: /home/kf/bin/trim.sh
    
    %admin ALL=(ALL) ALL
    %sudo   ALL=(ALL:ALL) ALL
    
  • kasper Taeymans
    kasper Taeymans over 8 years
    Well, that is not true because the file is owned by root, so you can't edit it unless you know the password... that's why I changed the ownership to root.
  • Jacob Vlijm
    Jacob Vlijm over 8 years
    @kasperTaeymans That won't help. Anyone can simply remove the script and replace it with another one.
  • chaos
    chaos over 8 years
    @kasperTaeymans True, didn't see that in the question. But, anyway: only use root privileges when they are needed. They are only needed for the fstrim command.
  • Jacob Vlijm
    Jacob Vlijm over 8 years
    I quite agree with the fact that the script should be in a "safe" location, but then the /etc/crontab is also ok. Edit: Ah, I see your point now :)
  • kos
    kos over 8 years
    @kasperTaeymans What Jacob Vlijm said is extremely correct: every file (even if owned by root) can be removed by the owner of the folder which contains it. You should move your script elsewhere.
  • kasper Taeymans
    kasper Taeymans over 8 years
    Yes, it can be removed, but it can't be edited or replaced with the same privileges, so it's safe, right? The reason why I want the script in my home folder (= different HDD) is because I want to keep it when I need to reinstall my root partition (which is on a different SSD).
  • kasper Taeymans
    kasper Taeymans over 8 years
    Please see the first answer of the following question: askubuntu.com/questions/155791/…
  • chaos
    chaos over 8 years
    @kasperTaeymans I understand the discussion, but what is the problem when you are the owner of the script and you use the sudoers line as in my answer? You have no problems with permissions, separate partitions and changes in the script.
  • Jacob Vlijm
    Jacob Vlijm over 8 years
    @kasperTaeymans Of course it is up to you, but the permissions do not matter so much: if you run it with sudo, a replacement script from the user can still do anything. It is not safe.
  • kasper Taeymans
    kasper Taeymans over 8 years
    Ok, I accepted the answer. This works for binaries in the root partition. So there is no safe way to have binaries/scripts with root privileges that reside in /home?
  • chaos
    chaos over 8 years
    @kasperTaeymans Consider the following: You have an entry in the sudoers file pointing to a script/binary in a home dir. The person who the home belongs to then could replace the script/binary with a shell (let's say a bash binary). According to the sudoers file he could then execute the bash binary with root privileges, and therefore can do everything on the system. Since the owner of the folder can change permissions on files inside that directory, he can also replace that by a bash binary.
  • kasper Taeymans
    kasper Taeymans over 8 years
    @chaos: Yes, I understand that. I was trying this because I want my custom scripts/binaries stored in my home folder (mounted from another drive) in case I need to reinstall the root partition. This way I don't lose all my scripts when something goes wrong with root. I guess I better mount /usr/bin from a separate drive and store my scripts with root privileges there.
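
The point made in the comments above is that a root-owned file is only as safe as every directory above it. As an added example (not part of the original answer or comments), the check below audits a command path before it is named in a NOPASSWD sudoers rule. It assumes GNU coreutils (`stat -c`, `readlink -f`) as on Ubuntu; the function names `audit_component` and `audit_path` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a command path before listing it in a NOPASSWD rule.
# Assumes GNU coreutils (stat -c, readlink -f); function names are hypothetical.

# audit_component PATH [TRUSTED_UID]
# Returns 0 only if PATH is owned by TRUSTED_UID (default 0 = root) and is
# not writable by group or others; otherwise prints the reason and returns 1.
audit_component() {
    p=$1; trusted=${2:-0}; ok=0
    info=$(stat -L -c '%u %a' -- "$p" 2>/dev/null) || { echo "MISSING   $p"; return 1; }
    owner=${info% *}; mode=${info#* }
    if [ "$owner" != "$trusted" ]; then
        echo "OWNER     $p (uid $owner, expected $trusted)"
        ok=1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = group/other write.
    # Conservative: sticky world-writable directories are flagged too.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $p (mode $mode is group/other-writable)"
        ok=1
    fi
    return "$ok"
}

# audit_path ABSOLUTE_PATH [TRUSTED_UID]
# Checks the file and every parent directory up to /, for both the path as
# written and its symlink-resolved form. Whoever owns (or can write to) any
# directory in either chain can swap in a different file.
audit_path() {
    uid=${2:-0}; rc=0
    real=$(readlink -f -- "$1") || real=$1
    for start in "$1" "$real"; do
        cur=$start
        while :; do
            audit_component "$cur" "$uid" || rc=1
            case $cur in /|.|'') break ;; esac
            cur=$(dirname -- "$cur")
        done
        [ "$start" = "$real" ] && break
    done
    return "$rc"
}

# Usage: sh audit.sh /home/kf/bin/trim.sh   (exit status 0 = chain is root-only)
if [ "$#" -gt 0 ]; then audit_path "$1" "${2:-0}"; fi
```

Run against the question's `/home/kf/bin/trim.sh`, the file itself passes (root-owned, mode 700) but the user-owned parent directories are reported.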