Ask Your Question
2

Run sudo dnf -y update without password

asked 2018-10-17 10:26:53 -0600

RobR gravatar image

I'm sure this has been answered but I can not find the response anywhere.

I am trying to edit my sudoers file so that anyone can run sudo dnf -y update without entering the sudo password. I have found examples for many other commands but none for this. The goal is to run this at startup so my system always checks for updates (I hate using dragora).

I put this line in sudoers (edited with text editor as root):

ALL localhost = NOPASSWD: 'sudo dnf -y update' (also tried just sudo dnf -y update without the ')

when I try to run the command i get a parse in sudoers at line 99 (where I put this line) error message and it asks for the password. Can I do what I am trying to do? What would the correct syntax be? Can I just automatically have the system run this command in terminal at startup?

I have been running Fedora for about a year now and this is the first issue I have had no luck solving.

Thanks for any help!

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2018-10-17 14:48:30 -0600

sideburns gravatar image

Just to show how versatile bash is, here's a way to do what you want without using sudo: create a file as root, let's say /usr/local/update that looks like this:

#! /bin/bash

dnf -y update

Then, still as root, run chmod /usr/local/update +x, +s /usr/local/update which means that anybody can execute the file as though they were the file's owner, allowing them to update your system without needing to enter a password. (I picked /usr/local because it's on the default path.) Which way you use depends on your own personal taste, of course, but I find the above to be a bit more elegant. YMMV and probably does.

edit flag offensive delete link more

Comments

That is not supposed to work as the suid bit should be ignored for scripts.

villykruse gravatar imagevillykruse ( 2018-10-18 00:13:51 -0600 )edit

Well, I'll admit that I haven't actually tried it.

sideburns gravatar imagesideburns ( 2018-10-18 01:47:05 -0600 )edit

"Beware of bugs in the above code; I have only proved it correct, not tried it." Quoted from Donald Knuth

villykruse gravatar imagevillykruse ( 2018-10-18 04:48:36 -0600 )edit

In my defense, Wikipedia says that "many operating systems" ignore the suid bit on scripts, not that all do. Do you happen to know if Fedora Linux does?

sideburns gravatar imagesideburns ( 2018-10-18 17:58:32 -0600 )edit

From man execve:

Linux ignores the set-user-ID and set-group-ID bits on scripts.

I can imagine that support for set-user-id on scripts was supported on 30 year old BSD systems, but not on anything newer than that. The perl language used to have the suidperl trick to gain root provileges, but that has been discontinued long ago.

villykruse gravatar imagevillykruse ( 2018-10-19 01:11:48 -0600 )edit
1

answered 2018-10-17 12:17:45 -0600

hhlp gravatar image

updated 2018-10-17 12:22:19 -0600

@RobR try this , -> ALL localhost = NOPASSWD: /bin/dnf update or ALL localhost=/bin/dnf updateor even better %user ALL=(ALL) NOPASSWD:/usr/bin/dnf update -> sudoers.man

edit flag offensive delete link more

Comments

THANK YOU! Adding the path worked perfectly!

RobR gravatar imageRobR ( 2018-10-17 13:08:16 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-10-17 10:26:53 -0600

Seen: 108 times

Last updated: Oct 17 '18