Create sudo users from script?
visudo honors the EDITOR env var, which defines the editor program to use. Thus, you can use sed as editor, tell sed to read commands from STDIN (-f-) and pass the changes to the whole visudo/sed pipeline via STDIN.
Example:
echo '$ a # comment' | EDITOR="sed -f- -i" visudo
This will add the '# comment' line to the end of the sudoers file.
($ instructs sed to append the line to the end of file, 'a' is the command to append followed by the line).
In order to add a sudoer, you will need something like
echo '$ a kirk ALL=(spock) NOPASSWD: ALL' | EDITOR="sed -f- -i" visudo
Note that visudo also does a syntax check, so it will fail if the command produces a broken sudoers file:
root@chi:~# echo '$ a broken directive' | EDITOR="sed -f- -i" visudo
>>> /etc/sudoers: syntax error near line 44 <<<
P.S. Tested with GNU sed 4.2.2. There may be problems with e.g. Busybox sed.
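The same syntax check can gate a per-user drop-in file before it goes live, shown here as an added example that is not part of the original answers. The names add_sudoer, valid_user, SUDOERS_DIR and SUDOERS_CHECK are hypothetical, the account-name rule is an assumed conservative policy, and /etc/sudoers.d is assumed to be included by the main sudoers file.

```shell
#!/bin/bash
# Added example, not code from the original answers.
# Assumed, hypothetical knobs: SUDOERS_DIR (drop-in directory) and
# SUDOERS_CHECK (validator command, by default visudo's check-only mode).
export LC_ALL=C   # make the a-z ranges below byte-wise in every locale
SUDOERS_DIR=${SUDOERS_DIR:-/etc/sudoers.d}
SUDOERS_CHECK=${SUDOERS_CHECK:-visudo -cf}

# Accept only conservative account names, so an argument cannot smuggle
# extra sudoers syntax (spaces, commas, newlines, '#', '%', '.') into the rule.
valid_user() {
    case $1 in
        ''|*[!a-z0-9_-]*|[0-9-]*) return 1 ;;
    esac
}

# add_sudoer USER: install "USER ALL=(ALL:ALL) ALL" as a drop-in file, but
# only after the syntax check passes.
# Returns 2 for a rejected name and 1 for a failed check or write.
add_sudoer() {
    _user=$1
    if ! valid_user "$_user"; then
        printf 'rejected name: %s\n' "$_user" >&2
        return 2
    fi
    # sudo skips drop-in names that contain '.', so the temp file is never live.
    _tmp=$(mktemp "$SUDOERS_DIR/.new.XXXXXX") || return 1
    printf '%s ALL=(ALL:ALL) ALL\n' "$_user" > "$_tmp"
    chmod 0440 "$_tmp"
    # SUDOERS_CHECK is left unquoted on purpose: it holds a command plus options.
    if ! $SUDOERS_CHECK "$_tmp" >/dev/null; then
        rm -f "$_tmp"
        return 1
    fi
    # A rename inside one directory is atomic: readers see the old or new file.
    mv -f "$_tmp" "$SUDOERS_DIR/$_user"
}

# Usage (as root), after sourcing this file:  add_sudoer bob && add_sudoer joe
```

A rule that fails the check never reaches the directory sudo reads, so a bad entry cannot lock everyone out of sudo.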
Adding users to sudoers through shell script
You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:
sudo -i
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers
# ^^
# tab
(note the tab character between the username and the first ALL)
Or, for a script:
#!/bin/bash
# Run me with superuser privileges
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers
Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.
To add multiple users, change the script to this;
#!/bin/bash
while [[ -n $1 ]]; do
    echo "$1 ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done
Then, run the script like this (assuming you saved it as addsudousers.sh):
sudo ./addsudousers.sh bob joe jeff
that is, space-separated.
To read the names from a file:
nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`
listofusers.txt should also be space-separated.
Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.
Regex pattern to edit /etc/sudoers file
You shouldn't edit the /etc/sudoers file with any sort of script. There's a reason for the visudo command. Edits to the sudoers file should be rare and well-controlled.
That being said, if your editor for the visudo command is vi, you can run something like :%s/^# %wheel/%wheel/ to uncomment all of the lines that start with %wheel.
Or, if you reeeeeeally think it's necessary:
sudo sed --in-place 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers
Run it without the --in-place first to check the output. Use it at your own risk.
Modify /etc/sudoers with sed
Try this:
sed '/Defaults.\s\s.requiretty/a Defaults:user !requiretty' /etc/sudoers
How to append a line at the end of /etc/sudoers file using shell script (without using pssh tool)
cat >> /etc/sudoers << EOF
nagios ALL = NOPASSWD: /bin/su - root -c /etc/init.d/crond status
nagios ALL = NOPASSWD: /bin/su - hadoop -c hadoop dfsadmin -safemode get
nagios ALL = NOPASSWD: /bin/su - hadoop -c klist
EOF
Adding sudo permissions to sudoers for user via shell script
My solution is to have the script ask the user to enter his password and store the value in a variable to be used along with Expect. The script installs Expect if it's not installed and then the script does:
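# -s keeps the password from being echoed to the terminal
read -r -s -p "Please enter your password: " PASSWD
echo
export PASSWD
username=$USER
export username
# Only add the entry if the user has no "ALL" rule yet
if ! sudo -l -U "$USER" 2>&1 | grep -q "ALL"; then
expect -c '
# spawn takes the program and its arguments as separate words
spawn su -c "cat <<EOF >> /etc/sudoers.d/$env(username)
$env(username) ALL=(ALL:ALL) ALL
$env(username) ALL=(ALL) NOPASSWD:ALL
EOF
"
expect "Password:"
send -- "$env(PASSWD)\r"
interact
'
fi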