I have a resque worker which will run some shell command.
for example
ruby
`sudo echo "XXX" >> xx.log`
but when worker run, will raise below error
sudo: no tty present and no askpass program specified
I have add 'whoami' debug code to find which user run this sudo command,
and also set this user's group "test" when execute command will don't need password.
I'm also run same command in shell console, it works right, don't need input password.
sudo visudo
%test ALL=NOPASSWD:ALL
but when the worker run sudo, will says above error, require input password.
Who can tell me why?
Thanks.
I am really hesitant to offer this as a "fix" because #AJcodez asks correctly, "why do you need sudo?" However, you can probably get around the tty requirement by adding the following:
Defaults requiretty
Defaults: %test !requiretty
to the /etc/sudoers file, but please use the visudo command. Also, is test here a user or a group? I also suspect that your sudoers line is malformed. The syntax is:
jane ALL=(LIST_OF_COMMANDS) NOPASSWD: ALL
Where you seem to have it set to run the NOPASSWD setting for all zero commands the %test group can run. Or I could be misunderstanding your paste here.
Related
The field Exec command of execute shell over ssh, I only put command sudo su in there.
But when I build the project, it always stop at the command sudo su till timeout.
The image show what I get in console output.
Welcome to StackOverflow.
sudo
sudo is used for custom installations, system files modification, etc
Interactive shells (human in front of monitor)
When you exec some command preceded by sudo, this shell will ask you for the password of some privileged user. This ask event waits for user response:
Background executions
Some process, crons, scripts or applications like jenkins needs to execute sudo commands. But in this mode , there is no way to enter the password. This is the reason of your timeout
Solutions
disable requiretty
https://gist.github.com/jrichardsz/1adaaa07885b45d497b519431701a943
Security risk of this approach:
https://unix.stackexchange.com/a/65789/188975
use a pseudo TTY in Jenkins
https://unix.stackexchange.com/a/373843/188975
You can try using the expect directive.
I want to run a Ruby on Rails application. When I tried to run it, it shows me this,
The program 'rails' is currently not installed. You can install it by typing:
sudo apt install ruby-railties
So, I figured out the problem and I found that the problem is due to not login into bash shell. My terminal could not execute 'ruby' or 'ruby on rails' scripts. I checked .bashrc and .bash_profile files if PATH variable is set to point to rvm file.
When I did,
/bash/bin -l
it shows me ruby or rails are installed on system and I could start Rails server successfully. But if I opened another Terminal window, same problem occurs. Basically, I want to log into bash shell by default. Please correct and help me to sort out this. Thanks!
If you are sure the location of your bash shell is /bin/bash you could use this command (replacing "username" with your username):
chsh -s /bin/bash username
That will change your default shell in most unix like operating systems.
Afterwards you can verify it checking /etc/passwd where you will see the default shell at the end of the line of your username.
Warning: Try it first with a new user, in order to avoid losing your shell access if the path to bash is different :-)
I need to get access to pg_hba.conf to try and fix my broken postgres development db that gives the error on RAILS_ENV=development rails s of
PG::ConnectionBad
fe_sendauth: no password supplied
This post at least seems to suggest that such access may help: PG::ConnectionBad: fe_sendauth: no password supplied
The problem is, even though I know the path
/Library/PostgreSQL/9.3/data/pg_hba.conf
When I actually try to cd into it:
cd /Library/PostgreSQL/9.3/data/
I get: cd:cd:13: permission denied: /Library/PostgreSQL/9.3/data/
The seemingly obvious fix would be to sudo, so I try that:
sudo cd /Library/PostgreSQL/9.3/data/
And nothing happens. Literally the next line shows that I'm still exactly where I was. How can sudo be denied? And how can I either access this file or fix my issue?
Thanks!
This:
sudo cd /Library/PostgreSQL/9.3/data/
runs the cd command under sudo. sudo actually runs a new instance of the shell (/bin/sh or whatever) then runs the command in the shell.
The current directory is a property of the current process. It is inherited by new child processes, but it changes do not get propagated up to parent processes.
What you've done is the equivalent of:
sh -c 'cd /tmp'
It makes a new shell, cds to a location, then exits. The effect of the cd only affects that shell, So it effectively did nothing.
What you should do instead is use sudo to open the file in your text editor by absolute path, e.g.:
sudo nano /Library/PostgreSQL/9.3/data/pg_hba.conf
(nano is a simple and user-friendly command line text editor; I'm assuming you don't know how to use vi given this question.)
when I try to use fabric to deploy Apache server remotely using Fabric, I encountered a problem. I tried to add a new path to the PATH variable first using sudo(), then I tried to echo $PATH using sudo() too. However, I found that it looks like the new path wasn't added to PATH at all. As a result, I cannot execute the bins in that path via sudo().
[name#IP:port] Executing task 'reboot'
[name#IP:port] sudo: export PATH=$PATH:/new/path/to/add/install/bin
[name#IP:port] out: sudo password:
[name#IP:port] sudo: echo $PATH
[name#IP:port] out: sudo password:
[name#IP:port] out: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Could anyone tell me how to add a path variable to sudo command in Fabric? Thanks in advance.
It should be habit to always give a full path to the executable when running as root, to avoid having trojan horses being pushed into your PATH.
Setting an environment variable via export works only for the current shell session - which is the one invoked by sudo. Once your command (export, in this case) is executed, the shell exits, and takes your environment variable with it. The next time you execute sudo, a new shell (with default environment) is set up, which does know nothing about your previous export.
The configuration file /etc/sudoers usually contains an entry like Defaults env_reset, the effect of which is that environment variables set in the calling environment are not copied to the environment invoked by sudo, so calling export in your current environment and then executing sudo does not work either. This is done for security reasons (ref. 1) above).
It is possible to set up /etc/sudoers to make exceptions to 3), via env_keep. Refer to man sudoers for details. However, see 1) - it is not a good idea.
There is the -E option to sudo, which allows to keep the caller's environment (including e.g. an extended PATH), but this requires SETENV being set in /etc/sudoers. Again, refer to man sudoers for details, and be mindful of 1).
use
sudo('PATH=$PATH:/new/path/to/add/install/bin commad')
I am trying to execute a command like this from a Ruby on Rails app:
sudo service squid3 restart
If i try it with this code:
output = ´sudo service squid3 retsart´
It don't work, in the console i see that linux asks the password.
How can i pass a password with this command? Or other suggestions...
You can add the following line to your sudoers file (/etc/sudoers)
rails_user ALL=(root) NOPASSWD:/usr/sbin/service
This will basically let the rails_user user execute the service command as sudo, and the system won't ask you for a password.
rails_user should be replaced with whatever user that you are running your rails process under. And you should also make sure that
Defaults requiretty
is not present in your /etc/sudoers. If not you won't be able use sudo from a script.
You can try the sudo -S flag if available on you system (check man):
echo secretPasswd | sudo -S service squid3 restart
This means that the password will be in clear so you can add the user which needs to perform the task to the sudoers (which creates another security issue by the way).
Does your sudo have a -A switch?
-A
Normally, if sudo requires a password, it will read it from the current terminal. If the -A (askpass) option is specified, a helper program is executed to read the user's password and output the password to the standard output. If the SUDO_ASKPASS environment variable is set, it specifies the path to the helper program. Otherwise, the value specified by the askpass option in sudoers(5) is used.
I wouldn't recommend having the password available in any way to your web server processes though so you'd want to use the sudoers file.
You can use the expect method to catch the password prompt and send the password. However, it might be a better idea to allow your Rails user access to the service command without a password using the NOPASSWD option in /etc/sudoers.