nickw444

Reputation: 966

Adding users to sudoers through shell script

Is it possible to add users to the sudoers file through a shell script? I've been looking around, still can't find anything.

Upvotes: 33

Views: 85697

Answers (11)

Marco_81

Reputation: 163

Without changing the /etc/sudoers file, you can also grant sudoer privileges by adding the user to the wheel group (on Fedora, CentOS, ...) and the sudo group (on Ubuntu, etc.). Here is an example on CentOS for the user jdoe:

$ sudo usermod -aG wheel jdoe

Upvotes: 0

Vituvo

Reputation: 1048

In Debian and Ubuntu you can add users to the /etc/sudoers.d directory. The directory has a README file. Create a file called 99_sudo_include_file and drop it in the /etc/sudoers.d/ directory. It's easy to remove users or add users, just create a new file and overwrite the old file. You can simply echo your new file and overwrite the old file each time you want to change it.

echo '#== Visudo Users - All Permissions
#== ==============================
usersam      ALL=(ALL) ALL
userlam      ALL=(ALL) ALL
userfam      ALL=(ALL) ALL

#== Visudo Users - Certain Scripts
#== ==============================
userkam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
useroam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
userpam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh

#== Visudo Users - Certain Commands
#== ===============================
userpam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get
userwam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get' > /etc/sudoers.d/99_sudo_include_file

This way you don't touch your original /etc/sudoers file

Upvotes: 0

Reborn

Reputation: 1

I want to continue on the topic of adding users to sudoers. I have already created a script, but the problem is that when I run the shell script twice, it adds the entries again.

Please see my script below:

for i in $(cat users); do
    useradd $i
    chsh $i /usr/bin/ksh93
    echo "user $i added successfully!"
    echo $i 'ALL=(ALL)    NOPASSWD: ALL' >> /HAapps/sudoers
    echo $i:$i"123" | chpasswd
    echo "Password for user $i changed successfully"
done

=============

This is the result:

ario1 ALL=(ALL)    NOPASSWD: ALL
ario2 ALL=(ALL)    NOPASSWD: ALL

How can I check or verify whether the user already exists, so that it does not need to be added again? Thank you, all masters. I need your advice.

Upvotes: -1

Aviv

Reputation: 14477

In order to grant a user sudo permission in a shell script (Unix/Linux), use the usermod function:

sudo usermod -aG sudo <userName>

example:

sudo usermod -aG sudo johnDoe

For verification, use the groups function (which shows the group membership) and verify that the sudo group is under the right user.

groups <userName>

example:

groups johnDoe
#!johnDoe: johnDoe sudo

Explanation from linux documentation:

The usermod command modifies the system account files to reflect the changes that are specified on the command line.

-a, --append

Add the user to the supplementary group(s). Use only with the -G option.

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.

Upvotes: 1

There is also the sudo group, and you could add users to it (for common configurations of /etc/sudoers)

adduser [username] sudo

Upvotes: 6

Syed Abdul Qadeer

Reputation: 361

Single line to create user with password and in sudo group.

useradd -p $(openssl passwd -1 PASSWORD) USERNAME -s /bin/bash -G sudo

Upvotes: 0

Luke Exton

Reputation: 3676

Other answers such as spawning a subshell will work, but may not work if you want to use environmental vars. One alternative I found played really nicely for me:

echo "%<user>      ALL=(ALL) ALL" | sudo tee -a /etc/sudoers > /dev/null

This being said, hindsight is 20/20... If modifying sudoers via a script and not via visudo I would seriously recommend creating a backup with the right file permissions and contents first since you can lose access to any sudo rights without pkexec, physical access or a reboot etc.

sudo cp /etc/sudoers /etc/sudoers.bak

Upvotes: 0
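
The duplicate-entry problem from the looped script earlier on this page and the lock-out risk raised in this answer can be handled in one routine. This is an added example, not code from any poster: add_sudoer and the default drop-in path /etc/sudoers.d/90_script_users are hypothetical, and it assumes visudo is installed on the target host.

```shell
#!/bin/sh
# Added example: idempotent, syntax-checked sudoers drop-in management.
# add_sudoer and the default drop-in path are hypothetical names.

# add_sudoer USER [FILE]
# Returns 0 if the rule was added or was already present, 1 on error.
add_sudoer() {
    user=$1
    file=${2:-/etc/sudoers.d/90_script_users}   # assumed path
    rule="$user ALL=(ALL:ALL) ALL"

    # Accept only conventional account names, so input such as
    # "bob ALL=(ALL) NOPASSWD: ALL" cannot smuggle in extra rule text.
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 1 ;;
    esac

    # Idempotency: an exact whole-line match means there is nothing to do.
    if [ -f "$file" ] && grep -qxF -- "$rule" "$file"; then
        return 0
    fi

    # Build the candidate beside the target so that mv is an atomic rename.
    # The '.' in the temporary name also makes sudo skip it in sudoers.d.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if [ -f "$file" ]; then cat -- "$file" > "$tmp"; fi
    printf '%s\n' "$rule" >> "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check the candidate before it goes live. The check is skipped
    # only where visudo is not installed (for example a test sandbox).
    if command -v visudo >/dev/null 2>&1 &&
       ! visudo -cf "$tmp" >/dev/null 2>&1; then
        echo "visudo rejected the new rule; $file left unchanged" >&2
        rm -f -- "$tmp"
        return 1
    fi
    mv -f -- "$tmp" "$file"
}
```

Run as root, add_sudoer jdoe writes the rule once; a second call with the same name leaves the file untouched, and a candidate that fails the syntax check never replaces the live file.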

wchargin

Reputation: 16037

You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:

sudo -i
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

(note the tab character between the username and the first ALL)

Or, for a script:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers

Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.

To add multiple users, change the script to this:

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

Then, run the script like this (assuming you saved it as addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

that is, space-separated.

To read the names from a file:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt should also be space-separated.

Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.

Upvotes: 56

Mahdi Rashidi

Reputation: 1369

On Red Hat-based distributions, use:

su - root

and enter your password, then:

echo 'YOURUSERNAME ALL=(ALL:ALL) ALL' >> /etc/sudoers

to add the user to the sudoers file.

Upvotes: 2

Jur P

Reputation: 99

Log in as root to your machine. The root user is the only one who has the privilege to add a new user.

Once you have logged in, you may now try the following commands:

  1. Create a new user.

    adduser [username]

  2. Add password to user

    passwd [username]

  3. Grant root privileges to user

    Edit the visudo file by simply typing

    enter code here

Find the following line of code: root ALL=(ALL) ALL

Then add this code below:

[username] ALL=(ALL) ALL

The original post can be found at this link: Centos 6 – Creating sudoers user

Upvotes: -1

Apollo

Reputation: 1986

No, a straight echo won't work, you have to run it in a subshell. Try this instead:

sudo sh -c "echo \"group ALL=(user) NOPASSWD: ALL\" >> /etc/sudoers"

Upvotes: 11
