sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

command-line scripts sudo

21,073

As @danzel mentions in a comment to this answer, make sure the script is not writable by www-data or else a bug allowing users to modify somehow means you are giving full access on the OS to anyone who has access to the webpage.

When you open a PHP page in your browser, that script will not run with your user. But instead, it's using the www-data user.

You need to add the www-data to the sudoers files to make the sudo command work without a password, not your user.

However, this is very dangerous as you are giving sudo access to your web server, and especially if this is an environment that can be accessed by anyone. If there's another way to execute the script without sudo, that should be your solution.

If not, give access only to that specific script, and not ALL commands!

www-data ALL=NOPASSWD: /path/to/your/script

The following is probably even worse practice than the previous to set up for a web server user, but I will leave it for your judgement as it's part of the question. When you run sudo -S ..., the command will be expecting the input from stdin without the need for a prompt in the terminal. So the command would need to look like one of:

echo $PASSOWRD | sudo -S /path/to/command
sudo -S /path/to/command < password.secret

21,073

Author by

mfx28

Gimme answers ^^ yikes

Updated on September 18, 2022

Comments

mfx28 over 1 year
I'm currently getting this error in browser. I wan't to execute a script through php, but somehow I'm getting this by printing with echo shell_exec (...) 2>&1:
```
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
```
I already added -S and got this one:
```
[sudo] password for www-data: sudo: no password was provided
```
I've already added myself into sudoers and still got no solution.
- Dan almost 4 years
  
  You're missing some information, but I assume you are using the browser to open a PHP page (with apache?) that runs a shell command, and that shell command requires sudo?
- mfx28 almost 4 years
  
  @Dan yes, I'm using a PHP page with apache, and yup, it requires sudo otherwise It get the "permission denied" error
- danzel almost 4 years
  
  Please edit your question and explain what you actually want to achieve. What you describe sounds like a terrible idea...
danzel almost 4 years

It would be worth mentioning that the script that will be executed as root must not be writable by www-data because that would result in www-data being able to do everything as root. Apart from that, I suggest adding a huge warning at the top of the answer.
mfx28 almost 4 years

It actually worked for what I'm trying to do. Thanks a lot
Levente about 3 years

Apache seems to have a module called suexec, how is that related to all this? packages.ubuntu.com/…
Dan about 3 years

@Levente I don't have experience with that module, to be honest. You can check its documentation here: httpd.apache.org/docs/2.4/suexec.html. However, it seems to be a "risky" module to have enabled if you aren't sure how to use it and/or configure it (Not that this answer's method lacks any of the risks by itself).