sudo for script which use mysql connect with anonymous user

Question

I have following script:

[root@localhost:~]# cat /mnt/start_discovery
#!/bin/sh
InterfaceNumber=$((65471 - $1))
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"

and 3 users which allow to execute command: root, ste and www. User ste and www using sudo for execution command, root work without sudo.

[root@localhost:~]# cat /etc/sudoers
root    ALL=(ALL)   ALL
ste     ALL=(ALL)   ALL
www     ALL=/mnt/start_discovery *,\
            sh -xv *

When I run command from user www - all is fine:

[www@localhost:~]$ sudo sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ mysql --user=  --execute=insert into dc.discovery_commands(device, job_ttd) select 65471, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);

but for user ste:

[ste@localhost:~]$ sudo sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ERROR 1045 (28000): Access denied for user ' '@'localhost' (using password: YES)

same and for user root:

[root@localhost:~]# sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ERROR 1045 (28000): Access denied for user ' '@'localhost' (using password: YES)

For user root and ste I have passwords for mysql in files ~/.my.cnf, for user www - has not any access to mysql. Users for mysql are created:

[root@localhost:~]# mysql -e "select user,host,password from mysql.user;"
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *48A8ACDAF5434778D6B5D0254833B2AEC555514A |
| ste  | localhost | *425AF4AF33C4FB42AC52A0A6630DEE61AB94A67A |
|      | localhost |                                           |
+------+-----------+-------------------------------------------+

Any ideas why so happening? And how will be better to make what all users have possibility to execute this script (script has permission 750 and sudo is required) ?

Answer 1

Errors showing up on attempts #2 and #3 (running the script as ste or root) mention "(using password: YES)", although there is no password provided on the invocation line in your script.

These two users must have a custom, personnal configuration file (~/.my.cnf) which contains a password clause (in this case, such password is always provided by default).

Try adding the following option in your script: --password=''