I am trying to add a NOPASSWD entry for sudotest.sh (or any script/binary that requires sudo) in my /etc/sudoers file (on Ubuntu 12.04 LTS server), but in order to make it work, I must specify the full path. The following entry works just fine:
%jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh
The problem is that the script might move to a different directory. This seems like a great chance to use the * wildcard in the path (i.e. /*/sudotest.sh) so that my script could be in any directory, but the manual states that wildcards will not match the / character when used in a path. I've confirmed that it doesn't work.
I know that I can use the word ALL in place of my script, but this means there is no password prompt for any commands, which seems unsafe.
How do I solve this?
Placing ALL instead of your script won't allow it to be run unless it can be found in a suitably configured PATH.
To run your command without supplying a full path it needs to be in a directory specified by the PATH variable.
For sudo it depends on how the environment is configured as to which PATH is used.
If the secure_path variable is set in sudoers then commands must be located in directories within it. You can add users to the exempt_group, then they can use their own PATH.
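An added example, not part of the original question or answer and not sudo's own code: a small Python model of the rule the question cites from the manual (a wildcard in a sudoers command path does not match /), applied to the question's working entry and its wildcard variant. The candidate paths other than the question's own, and all function names, are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# The working entry from the question and the wildcard variant it asks about.
ENTRIES = [
    "%jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh",
    "%jenkins ALL=(ALL)NOPASSWD:/*/sudotest.sh",
]
# Candidate script locations; the last two are constructed for illustration.
PATHS = [
    "/home/vts_share/test/sudotest.sh",
    "/opt/sudotest.sh",
    "/srv/ci/sudotest.sh",
]

# Handles only the simple "who host=(runas)NOPASSWD:/command" shape shown above.
ENTRY_RE = re.compile(r"^\S+\s+\S+=\([^)]*\)\s*NOPASSWD:\s*(/\S+)$")


def command_of(entry):
    """Return the command path of a simple NOPASSWD entry, or None."""
    m = ENTRY_RE.match(entry.strip())
    return m.group(1) if m else None


def path_matches(pattern, path):
    """Match component by component so that *, ? and [] never span a '/'."""
    pat_parts, path_parts = pattern.split("/"), path.split("/")
    if len(pat_parts) != len(path_parts):
        return False
    return all(fnmatchcase(seg, pat) for pat, seg in zip(pat_parts, path_parts))


def has_directory_wildcard(pattern):
    """True when a wildcard sits in a directory component, not the file name."""
    return any(ch in part for part in pattern.split("/")[:-1] for ch in "*?[")


def report(entries, paths):
    """Map each entry's command pattern to the candidate paths it permits."""
    return {cmd: [p for p in paths if path_matches(cmd, p)]
            for cmd in map(command_of, entries) if cmd}


if __name__ == "__main__":
    for cmd, allowed in report(ENTRIES, PATHS).items():
        flag = " (directory wildcard)" if has_directory_wildcard(cmd) else ""
        print(f"{cmd}{flag} -> {allowed}")
```

The wildcard entry permits the script only when it sits exactly one directory below /, in any such directory, which is why it does not match the question's path three levels down.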