Custom Sudo Command

Question

So this is an idea I just had for efficiency is scripting. I'm wondering if it is possible to make a custom command (i.e. jello) that has sudo privileges, but doesn't prompt a password. I write a lot of scripts that require sudo permissions and don't like to type them in every time. I've been editing the sudoers file and making exceptions for these files. But I would really love if this were possible, so I could just type this command in my scripts and it would run like it should without asking for a password.

Answer 1

One option is to use wildcards in your sudoers file (sudoers manpage).

Note: You'll need to take suitable precautions with any strategy like this because you necessarily won't know all of the commands that you are granting access ahead of time - some exploits and risks.

If the risks are acceptable to you, then putting something like this into your /etc/sudoers file will allow you to add new commands of the same form and enable running of those commands without typing your password every time:

me         ALL= NOPASSWD: /home/me/privil_scripts/priviledged_*.sh

Make sure it isn't easy for other users to drop in extra scripts in this directory! Comments on keeping this secure most welcome.

As a quick test:

# create a directory with some files inside
cd ~; mkdir nolook; touch nolook/f1; touch nolook/f2
>>> f1  f2
# make it so regular user can't see inside
sudo chmod -R 700 nolook; sudo chown -R root:root nolook
# test
ls nolook
>>> ls: cannot open directory nolook/: Permission denied

Now write privileged & unprivileged scripts:

echo "
#!/bin/sh
sudo ls nolook
" > privil_scripts/priviledged_ls.sh
chmod +x !$

echo "
#!/bin/sh
sudo ls nolook
" > privil_scripts/plain_ls.sh
chmod +x !$

and try them:

privil_scripts/priviledged_ls.sh
>>> f1  f2

privil_scripts/plain_ls.sh
>>> [sudo] password for me: