sorry, you must have a tty to run sudo

linux java sudo sudoers

18,319

Solution 1

I don't know how to run shell commands in Java but have a look at -t option for ssh command

-t force pseudo-tty allocation.

That is what I do when I need to run command as root over ssh(direct root login disable and tty required by sudo)

Solution 2

My Question is, is it possible to execute my above command in java without making any changes anywhere i.e. by having default settings?

sudo -u -S pwd

The short answer is no, you will need to change settings to get sudo to do things differently than it currently does.

sudo may be the wrong tool for this. Sudo's rules are there to help system administrators configure a way to gain elevate privileges that is difficult to abuse to get additional/unintended privileges.

If you consider what sudo does for you:

prompts for password to verify identity
elevate privileges
then optionally get privileges as another user
logs sudo use to gain access or run commands

If you want your java to run arbitrary commands as arbitrary users without providing password for either those users or your own you are essentially replacing sudo. In that case you should create your own rules for how to prevent abuse.

There are basically two ways to do this:

run your java with elevated privileges and carefully take and give back privileges you need (see setuid() seteuid() C function calls).
run an external program to grab elevated privileges when you want them

In the case of #1 your java program is performing itself what sudo does, and you should implement your own set of rules to protect from abuse.

There are programs other than sudo to do #2. One example can be found in https://code.google.com/archive/p/exec-wrapper/downloads

This handy shell script creates a C program to run another command (usually a script). Then you compile the C program to a binary and mark that setuid root or really it could be setuid to any user. (mode :4555 and owner: root)

As long as you are on a filesystem that allows it, running the binary program will run the configured command as the userid that owns the binary program itself.

18,319

AlwaysALearner

Updated on September 18, 2022

Comments

AlwaysALearner over 1 year
I had already asked this question in Stack Overflow, but I've been asked to post it here. So doing the same.

I ran this command using my java program-
```
sudo -u <username> -S pwd
```
I got this output-
```
command=sudo -u <username> -S pwd
exitCode=1
sudo: sorry, you must have a tty to run sudo
```
I tried editing /etc/sudoers but it already contains
```
<username>       ALL=(ALL)       NOPASSWD: ALL
```
Then, I learned that this can be done by commenting out the following code in /etc/sudoers
```
# Defaults requiretty
```
Also, by default, when attempting to execute a command as another user using sudo, we have to provide our own password. But this can be changed by making the following change in /etc/sudoers-
```
Defaults targetpw
```
My Question is, is it possible to execute my above command in java without making any changes anywhere i.e. by having default settings?
- slhck over 10 years
  
  Is this why you were asking the rather contrived Alternative for sudo?
- mpy over 10 years
  
  Seems distro specific if requiretty is enabled by default. According to sudo's own documentation it is "off by default."