How to Edit /etc/sudoers from a Script

Create sudo users from script?

visudo honors the EDITOR environment variable, which defines the editor program to use.

Thus, you can use sed as the editor, tell sed to read commands from STDIN (-f-) and pass the changes to the whole visudo/sed pipeline via STDIN.
Example:

echo '$ a # comment' | EDITOR="sed -f- -i" visudo

This will add a '# comment' line to the end of the sudoers file.
($ addresses the last line of the file, and 'a' is the sed command that appends the text following it.)

In order to add a sudoer, you will need something like

echo '$ a kirk ALL=(spock) NOPASSWD: ALL' | EDITOR="sed -f- -i" visudo

Note that visudo also does a syntax check, so it will fail if the command produces a broken sudoers file:

root@chi:~# echo '$ a broken directive' | EDITOR="sed -f- -i" visudo
>>> /etc/sudoers: syntax error near line 44 <<<

P.S. Tested with GNU sed 4.2.2. There may be problems with e.g. Busybox sed.

Adding users to sudoers through shell script

You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:

sudo -i
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

(note the tab character between the username and the first ALL)

Or, for a script:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444 ALL=(ALL:ALL) ALL' >> /etc/sudoers

Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.

To add multiple users, change the script to this:

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1 ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

Then, run the script like this (assuming you saved it as addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

that is, space-separated.

To read the names from a file:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt should also be space-separated.

Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.

Regex pattern to edit /etc/sudoers file

You shouldn't edit the /etc/sudoers file with any sort of script. There's a reason for the visudo command. Edits to the sudoers file should be rare and well-controlled.

That being said, if your editor for the visudo command is vi, you can run something like :%s/^# %wheel/%wheel/ to uncomment all of the lines that start with %wheel.

Or, if you reeeeeeally think it's necessary:

sudo sed --in-place 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers

Run it without the --in-place first to check the output. Use it at your own risk.

Modify /etc/sudoers with sed

Try this:

sed '/Defaults.\s\s.requiretty/a Defaults:user !requiretty' /etc/sudoers

How to append a line at the end of /etc/sudoers file using shell script (without using pssh tool)


cat >> /etc/sudoers << EOF
nagios ALL = NOPASSWD: /bin/su - root -c /etc/init.d/crond status
nagios ALL = NOPASSWD: /bin/su - hadoop -c hadoop dfsadmin -safemode get
nagios ALL = NOPASSWD: /bin/su - hadoop -c klist
EOF

Adding sudo permissions to sudoers for user via shell script

My solution is to have the script ask the user to enter his password and store the value in a variable to be used along with Expect. The script installs Expect if it's not installed and then the script does:

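# Read the password without echoing it to the terminal
read -s -p "Please enter your password: " PASSWD
echo
export PASSWD
username=$USER
export username

# Only add the rules if sudo -l shows no "ALL" entry for the user yet
if [[ ! `sudo -l -U "$USER" 2>&1 | grep "ALL"` ]]; then
# The heredoc lines must stay unindented so that EOF terminates it
expect -c '
spawn su -c "cat <<EOF >> /etc/sudoers.d/$env(username)
$env(username) ALL=(ALL:ALL) ALL
$env(username) ALL=(ALL) NOPASSWD:ALL
EOF
"
expect "Password:"
send "$env(PASSWD)\r"
interact
'
fi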
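
The syntax check that visudo performs in the first answer can also be applied to a drop-in file under /etc/sudoers.d, the directory the last answer writes to, before sudo ever reads the new rule. The script below is an added example, not code from any of the answers; the function names, the SUDOERS_D and SUDOERS_CHECK variables and the draft file name are assumptions of the example.

```shell
#!/bin/sh
# Added example: install one sudoers rule as a validated drop-in file.
# SUDOERS_D and SUDOERS_CHECK are this example's own knobs (assumptions).
LC_ALL=C; export LC_ALL                       # make the a-z ranges below byte-exact
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"      # drop-in directory
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"  # syntax checker, called as: visudo -cf FILE

# Accept only conservative login names. Anything else (spaces, newlines, '%',
# '#', ',', '=') could turn the written text into a different rule, and a '.'
# or trailing '~' would make sudo skip the drop-in file.
valid_user() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# add_sudoer USER [SPEC]; SPEC is a constant chosen by the script author.
add_sudoer() {
    user=$1
    spec="${2:-ALL=(ALL:ALL) ALL}"
    valid_user "$user" || { echo "refusing user name: $user" >&2; return 2; }
    # The '.' in the draft name keeps sudo from reading the file while it is unchecked.
    tmp=$(mktemp "$SUDOERS_D/.draft.XXXXXX") || return 1
    printf '%s %s\n' "$user" "$spec" > "$tmp"
    chmod 0440 "$tmp"
    if ! $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, nothing installed for $user" >&2
        rm -f "$tmp"
        return 3
    fi
    mv -f "$tmp" "$SUDOERS_D/$user"   # rename within one directory is atomic
}

# Usage (as root): ./add-sudoer.sh kirk 'ALL=(spock) NOPASSWD: ALL'
if [ "$#" -gt 0 ]; then
    add_sudoer "$@"
fi
```

With the defaults it has to run as root on a system where visudo is installed; a rule that fails the check never replaces or joins the files sudo loads.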

