0

we create the following script on rhel 7.6

/home/run_tasks

and in visudo we configured

%sudo   ALL=(ALL:ALL) ALL
root    ALL=(ALL)       ALL
hdfs ALL = (ALL) ALL
hdfs ALL= (root) NOPASSWD: /home/run_tasks

and

ls -ltr /home/run_tasks

-rwxrwxrwx  1 hdfs hdfs 6377 Sep 11  2019  /home/run_tasks

so when we run the script as

su hdfs -c "sudo /home/run_tasks"

we get

sudo: sorry, you must have a tty to run sudo

and after we marked the following lines ( from visudo )

#Defaults    requiretty
#Defaults   !visiblepw

we get

su hdfs -c "sudo /home/run_tasks"
ls: Permission denied: user=root, access=EXECUTE, inode="/../../..":hdfs:hdfs:drwxr-x---
ls: Permission denied: user=root, access=EXECUTE, inode="/../../..":hdfs:hdfs:drwxr-x---
yael
  • 12,598
  • 51
  • 169
  • 303
  • 1
    You probably want `sudo -u hdfs ...` – steeldriver Sep 13 '20 at 15:46
  • when I run sudo -u hdfs /home/run_tasks , still password is required , ( so what is missing here ? ) – yael Sep 13 '20 at 16:24
  • just want to mentioned that inside the script we have many hdfs cli's as - su -l hdfs -c " hdfs dfs -ls $folder " – yael Sep 13 '20 at 16:34
  • You have a script that can be edited by anyone on the system, and can run as root? This is extremely dangerous, it means anyone could change it or replace it with /bin/bash and have a root shell. – jsbillings Sep 13 '20 at 16:40
  • ok I will take care but how to solve the problem that still we have the password prompt ? – yael Sep 13 '20 at 16:54

0 Answers0