[sudo-users] (Hopefully) quick policy question
Jore
community at thoughtmaybe.com
Wed Sep 27 08:03:00 MDT 2023
On 27/9/23 11:48 pm, Mihai Moldovan wrote:
> You're just missing the sudo call in front to execute the script as the super
> user. A/the normal user naturally wouldn't be able to execute the script in
> /root/.acme.sh, as you've already correctly determined.
>
> Mihai
Hi there,
Thanks for that.
Okay, so here's what I've tried:
root@test:~# cat /home/test/acme-wrapper.sh
#!/bin/bash
domain="${1}"
regex='^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.(example)'
if [[ "${domain}" =~ ${regex} ]]; then
    sudo /usr/bin/bash /root/acme.sh/acme.sh --force --issue --domain "${domain}" --webroot /var/lib/ssl/
else
    echo "Not a valid or known domain."
    exit 1
fi
root@test:~# cat /etc/sudoers.d/test
test ALL = NOPASSWD: /usr/bin/bash /home/test/acme-wrapper.sh *
And now logging in as test user:
test@test:~$ bash /home/test/acme-wrapper.sh foo.example.com
[sudo] password for test:
sudo: a password is required
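
An added example, not part of the original post or of the sudo project: a wrapper written to be started through sudo itself, as the quoted reply suggests, so that the sudoers rule matches the command sudo is asked to run and the script calls acme.sh directly without a nested sudo. The install path /usr/local/sbin/acme-wrapper, the example.com suffix and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed install: root-owned, mode 0755, at the hypothetical
# path /usr/local/sbin/acme-wrapper (a script inside /home/test could be
# replaced by the test user if that user owns the directory).
# Assumed sudoers rule:
#   test ALL = (root) NOPASSWD: /usr/local/sbin/acme-wrapper *
# Assumed call:
#   sudo /usr/local/sbin/acme-wrapper foo.example.com
LC_ALL=C; export LC_ALL          # make a-z mean ASCII lowercase only

ACME=/root/acme.sh/acme.sh       # paths taken from the post
WEBROOT=/var/lib/ssl/

# Succeeds only for a lowercase hostname that ends in .example.com
# (the suffix is an assumption standing in for the real zone).
valid_domain() {
    d=$1
    case $d in
        ''|-*|*[!a-z0-9.-]*) return 1 ;;   # empty, option-like, or stray bytes
    esac
    [ "${#d}" -le 253 ] || return 1
    # Anchored at both ends, so nothing may follow the permitted suffix.
    printf '%s\n' "$d" | grep -Eq '^[a-z0-9]+([.-][a-z0-9]+)*\.example\.com$'
}

main() {
    if [ "$#" -ne 1 ] || ! valid_domain "$1"; then
        echo "Not a valid or known domain." >&2
        return 1
    fi
    # Already root via sudo: run acme.sh directly, no nested sudo.
    exec /usr/bin/bash "$ACME" --force --issue --domain "$1" --webroot "$WEBROOT"
}

# Only act when arguments are given, so the functions can be loaded for tests.
if [ "$#" -gt 0 ]; then main "$@"; fi
```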