ansaurus

Question

Answer 1

+3 A:

Put it in the crontab of root

sudo crontab -e

There you can put

indexer --config /usr/local/etc/sphinx.conf --all --rotate

All commands in this crontab will be executed as root. If you just du crontab -e as your current user, they will be executed under your users permissions.

JochenJung 2010-08-06 07:07:52

this seems to solve the problem. But still i want to know how some commands can be run without the sudo word in them..A case in point might be : sudo apt-get install <app name>How can I then do just apt-get install <app name> ?? Add myself to the sudoers file?Thanks!

r2b2 2010-08-06 08:00:25

@r2b2: You can't, it's a basic security matter. In order to execute commands as `root`, you need to prove that you are authorized to do so. `sudo` will let you execute commands as `root` (usually after prompting you for your password) *because you are in the `sudoers` file*. Another way to execute a command as `root` is with the `su` command, which prompts you for `root`'s password. Commands in `root`'s crontab are executed as `root` since `root` must have written them.

Gilles 2010-08-06 19:24:14

Answer 2

A:

run it as a root ? or sphinx user ? try to find out which user you need it to be run as and add it to that users cron

theHaunted 2010-08-06 07:09:51

Answer 3

A:

Its extremely dangerous to put applications in root's crontab unless the box is secured well from hackers. If by chance someone replaces the binaries (including libraries), you're gone!

A better way would be to chown all the files the binary accesses to an unprivileged user and run the job as the unprivileged user.

Any of the binary files the application uses should not be writeable by anyone except root.

Nilesh 2010-08-06 07:54:41

@Nilesh: huh? any unix system has commands in the system crontab, to be executed by `root`. There is no particular danger in doing so. What would be dangerous would be to execute a program whose binary file (or loaded library) is writable by another user, because that user could then run arbitrary code as `root` by overwriting the file. That's still only vulnerable to local users.

Gilles 2010-08-06 19:26:38

@Gilles: true. I should have said binaries instead of binary :) Edited.

Nilesh 2010-08-07 03:43:14

@Nilesh: I think the issue is clear in both our minds but not in what you wrote, so let me suggest some changes. First, the part about "secured from hackers" is not really relevant: the key point is that root should not run (through cron or otherwise) an application whose executable can be overwritten by another user. Second, in fact it's not just binary files and libraries, it's anything that will be executed (including binary code loaded from libraries, but also all manner of scripts).

Gilles 2010-08-07 10:07:43

@Gilles: Yeah true. Its no point now in editing it :DThe comment is enough :)

Nilesh 2010-08-07 12:46:27

Is it ok to set a SUID bit so that the script can run as root, or is that not a good idea?

cam8001 2010-08-10 11:35:31

@cam8001: Its the same thing, whether you use SUID bit or sudo. Only thing is, sudo may not allow execution of commands except if mentioned in sudoers. But I'm doubtful about it. With sudo the app gets root privs, but how limited is it, I don't know. If there's no limits, it doesn't matter whether you use sudo or suid. Only thing is you can run it as 'app' instead of 'sudo app'.

Nilesh 2010-08-10 13:08:51

Answer 4

A:

You can configure sudo not to ask password. Read man sudoers for how to do that. Search for NOPASSWD string.

Marko Kevac 2010-08-07 08:05:20

Answer 5

A:

Just append your command to the sudoer file list by using cmd visudo(this cmd requires root priviledge) as below:

<YOUR_USER_NAME> ALL = NOPASSWD:<ABSOLUTE-PATH-TO-CMD>

Take care of the ABSOLUTE-PATH-TO-CMD,It may become a security hole.

schemacs 2010-08-10 11:31:48

ansaurus

tags:

views:

answers:

How to run a command without sudo?

related questions