Adding users to sudoers through shell script
You could simply echo
(with elevated privileges, of course) directly to the /etc/sudoers
file:
sudo -i
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers
# ^^
# tab
(note the tab character between the username and the first ALL
)
Or, for a script:
#!/bin/bash
# Run me with superuser privileges
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers
Then save to somefile.sh
, chmod a+rx
it, and run sudo ./somefile.sh
from a terminal window.
To add multiple users, change the script to this;
#!/bin/bash
while [[ -n $1 ]]; do
echo "$1 ALL=(ALL:ALL) ALL" >> /etc/sudoers;
shift # shift all parameters;
done
Then, run the script like this (assuming you saved it as addsudousers.sh
):
sudo ./addsudousers.sh bob joe jeff
that is, space-separated.
To read the names from a file:
nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`
listofusers.txt
should also be space-separated.
Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers
because the >>
redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers
and the script itself has superuser privileges, everything should work just fine.
Create sudo users from script?
visudo
honors EDITOR env var which defines the editor program to use.
Thus, you can use sed
as editor, tell sed to read commands from STDIN (-f-
) and pass the changes to the whole visudo/sed pipline via STDIN.
Example:
echo '$ a # comment' | EDITOR="sed -f- -i" visudo
This will add '# comment' line to the end of sudoers file.
($ instructs sed to append the line to the end of file, 'a' is the command to append followed by the line).
In order to add a sudoer, you will need something like
echo '$ a kirk ALL=(spock) NOPASSWD: ALL' | EDITOR="sed -f- -i" visudo
Note that visudo also does syntax check so it will fail if the command produces broken sudoers file:
root@chi:~# echo '$ a broken directive' | EDITOR="sed -f- -i" visudo
>>> /etc/sudoers: syntax error near line 44 <<<
P.S. Tested with GNU sed 4.2.2. There may be problems with e.g. Busybox sed.
How to give Users SUDO Permission from Bash Script
The following extends the original code as follows:
It specifies a(n additional) group to add users to.
That group:
- can be an existing group that is assumed to already be
sudo
-enabled, such as thesudo
group on Ubuntu. - If it doesn't exist, it is created, and
sudo
-enabled via a dedicated file in directory/etc/sudoers.d/
named for the group - see the code andman sudoers
for details.
- can be an existing group that is assumed to already be
In the user-creation loop, each newly created user is added to that group with
usermod
:sudo usermod <user> -G <group>
- Note: You should also be able to do this as part of the
useradd
call.
- Note: You should also be able to do this as part of the
This should sudo
-enable all newly created users.
Note:
- Providing passwords via plain-text files is a security risk.
- For an explanation of the techniques used in the user-creation (
while
) loop, see this answer.
#!/usr/bin/env bash
# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'
# Test if the group exists.
[[ -z $(awk -F: -v g=$sudoEnabledGroup '$1==g' /etc/group) ]] && groupExists=0 || groupExists=1
# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactive this `if` statement, if the group must already exist.
if (( ! groupExists )); then
printf "Creating group: %s...\n" $sudoEnabledGroup
# Create the group.
sudo groupadd $sudoEnabledGroup || exit
# Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
# CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
# group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
printf "... and sudo-enabling it via file $customSudoerFile.\n" $sudoEnabledGroup
sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi
# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"
printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" $sudoEnabledGroup
while read user passwd; do
printf " Creating user: %s...\n" $user
# Create the user.
sudo useradd -m -s /bin/bash $user || exit
# Add it to the the sudo-enabled group designated above.
sudo usermod $user -G $sudoEnabledGroup || exit
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
# This will print something like the following:
# "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
# You can suppress with 2>/dev/null, but that would also mask true errors.
sudo passwd $user <<< "$passwd"$'\n'"$passwd" || exit
done < <(paste "$usersFile" "$passwdFile")
printf 'Done.\n'
Adding sudo permissions to sudoers for user via shell script
My solution is to have the script ask the user to enter his password and store the value in a variable to be used along with Expect. The script installs Expect if it's not installed and then the script does:
read -p "Please enter your password: " PASSWD
export PASSWD
username=$USER
export username
if [[ ! `sudo -l -U "$USER" 2>&1 | grep "ALL"` ]]; then
expect -c '
spawn "su -c \"cat <<EOF >> /etc/sudoers.d/$env(username)
$env(username) ALL=(ALL:ALL) ALL
$env(username) ALL=(ALL) NOPASSWD:ALL
EOF
\"
"
expect "Password:\r"
send $env(PASSWD)
interact
'
fi
Related Topics
Calculate Total Used Disk Space by Files Older Than 180 Days Using Find
How to Read a Sector Using a Bio Request in Linux Kernel
How to Debug Mex Code with Eclipse
Cannot Sudo Su Anymore, "No Tty Present and No Askpass Program Specified"
Compile Swift Script with Static Swift Core Library
Is a Core Dump Executable by Itself
How to Print Message to Stderr in Go
Poll(2) Doesn't Empty the Event Queue
Linux X86-64 Assembly and Printf
How to Compile Linux Kernel with Something Other Than Gcc
Linux: Create Random Directory/File Hierarchy
Using Environment Variables in Curl Command - Unix
Switch from 32Bit Mode to 64 Bit (Long Mode) on 64Bit Linux
Rtnetlink Answers :No Such File or Directory Error