I want to run this script (it is post-receive hook of git repository):
#!/bin/sh
echo "Executing post-receive hook as user `id` using `which sudo`"
sudo -l
sudo -n bash /var/project/autotest/autotest.sh
It should run without asking for password, but I got following output:
Executing post-receive hook as user uid=1005(martinjonas) gid=1001(martinjonas)
groups=1001(martinjonas),1009(lifeweb),1017(project) using /usr/bin/sudo
Matching Defaults entries for martinjonas on this host:
env_reset
User martinjonas may run the following commands on this host:
(root) NOPASSWD: /var/project/autotest/autotest.sh
sudo: sorry, a password is required to run sudo
As you can see acording to outputo of sudo -l I am supposed to be able run /var/project/autotest/autotest.sh without password, but sudo still asks for password.
This is my sudoers file (it is whole file no additional entries there):
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
www-data ALL=(root) NOPASSWD: /usr/bin/svn up
%project ALL=(root) NOPASSWD: /var/project/autotest/autotest.sh
I try to search for answer but only possible problems I found are wrong sudo used or wrong order of entires in sudoers, which I both disproved.
We use Debian 6.0 2. on this server.
Best Answer
you have
NOPASSWD
entry for/var/project/autotest/autotest.sh
, but your command runningbash /var/project/autotest/autotest.sh
- it's different command and that's why it forbiddenremove
bash
and all should work fine.