How to disable requiretty for a single command in sudoers?

  • I want to disable requiretty so that I can sudo within scripts, but I'd rather only disable it for a single command rather than everything. Is that possible within the sudoers config?

  • You can override the default setting for options such as requiretty for a specific user or for a specific command (or for a specific run-as-user or host), but not for a specific command when executed as a specific user.

    For example, assuming that requiretty is set in the compile-default options, the following sudoers file allows both artbristol and bob to execute /path/to/program as root from a script. artbristol needs no password whereas bob must have to enter a password (presumably tty_tickets is off and bob entered his password on some terminal recently).

    artbristol ALL = (root) NOPASSWD: /path/to/program
    bob ALL = (root) /path/to/program
    Defaults!/path/to/program !requiretty
    

    If you want to change the setting for a command with specific arguments, you need to use a command alias (this is a syntax limitation). For example, the following fragment allows artbristol to run /path/to/program --option in a script, but not /path/to/program with other arguments.

    Cmnd_Alias MYPROGRAM = /path/to/program --option  
    artbristol ALL = (root) /path/to/program
    artbristol ALL = (root) NOPASSWD: MYPROGRAM
    Defaults!MYPROGRAM !requiretty
    

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM