0

I am working on a python project which involves running some of the sudo commands. In the project, I have to run, systemctl commands to get the status of running services. For this I have below code:

cmd = "sudo service mongodb status > " + status_logs
subprocess.call(cmd, shell=True)
cmd = "grep \'" + search_tag + "\' " + status_logs
status_string = str(subprocess.check_output(cmd, shell=True))

start = status_string.index(":") + len(":")
end = status_string.index(')', start)
status = status_string[start:end]
status = status + ")"
status = status.replace(" ", "")

If I run above code as sudo python3 app.py then I am getting proper response as active(running) or inactive(dead). But I need to run the code without sudo i.e. python3 app.py.

In this case, it keeps on asking the password of the current user in terminal. How can I remove this and proceed further. Please help. Thanks.

Contents of /etc/sudoers

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin: /usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
Improve this question
2
  • 1
    Use the NOPASSWD option in /etc/sudoers. Type man sudoers for details, and remember to use visudo to edit the sudoers file. Commented Sep 29, 2020 at 8:04
  • @alani Where exactly in the file, I have to mention NOPASSWD. Is there any way to do it directly from the python Commented Sep 29, 2020 at 8:17

1 Answer 1

Reset to default
1

@alani comment on OP is good, specifically I would try to clamp down as much as possible so that issues with your program do not have disasterous consequences. For example, if you program will be running under the group mongo_checkers, something like this would enable it do check the status only:

%mongo_checkers ALL= NOPASSWD: /usr/sbin/service mongodb status

This should be relatively harmless.

[edit: as per @alani comment on this answer, have specified full path to service. ty!]

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I have updated the content of file /etc/sudoers. Can you please tell me where I should mention NOPASSWD.?
As per the answer, should work (not tested)
@SAndrew This answer tells you exactly where you should mention it. And is the sort of thing I had in mind -- I wasn't suggesting using NOPASSWD for everything. I would go a step further and put the whole path to service here, i.e. /usr/sbin/service.
Apologies but still I am unable to understand. What I have done is that in /etc/sudoers file I have done %sudo ALL=(ALL) NOPASSWD: ALL which I think has removed the password option, so my issue is kind of resolved. But I am still confused about where I should run the command mentioned in answer. Should I replace it with sudo systemctl command I have in python code. What does %mongo_checkers means and what should I use in place of it.?
@SAndrew I would suggest to read the man page, its never a good idea to blindly configure sudo access or passwordless commands if you dont fully understand whats happening.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.