# Ubuntu – Make executable bash script run with sudo privileges

bashexecutablescripts

Ubuntu 18.04 Gnome de.

I made a simple bash script file that flags my next reboot to choose the windows grub entry. For quick rebooting into windows straight from Linux DE.

The problem is I have to use dconf to modify executable files to ask, so I can click run in terminal where it automatically asks for password. Otherwise, just executing the file does nothing, bc it's waiting for a password input.

Is there a way to run a bash script file like this with inherent sudo privileges so it doesn't need to ask for a password?

EDIT (even though it's directed at @waltinator, because comment formatting is atrocious):

So would

/bin/kill


be the location and name of my bash script file? for example, my bash script file is named restart2windows and is located on my desktop:

/home/myusername/Desktop/restart2windows


so I would just need to add this line to /etc/sudoers (I'm still unclear on editing that file, using visudo, and whether I should edit sudoers.d as advised):

myusername     mymachinename = NOPASSWD: /home/myusername/Desktop/restart2windows


Would this be correct?

EDIT 2

I tried editing sudoers via visudo:

sudo visudo


and added the line I suggested above, below the commented line:

#includedir /etc/sudoers.d


and then tried to run my bash script file from my desktop, and it did nothing. If I choose to run it in the terminal, the terminal is waiting for a password input.

Here is my bash script file contents, very simple:

#!/bin/bash
sudo grub-reboot 2
sudo reboot now


Found this question here and it appears that I need to add sudo somewhere in there? I'm confused by that answer to that question because his line of code from the OP does not match the OP's.

Edit 3:

I submitted this same post in Ubuntuforums.org as well: https://ubuntuforums.org/showthread.php?t=2434878

Read man sudoers - it will let you grant passwordless access to a single command. Read man visudo, too.

From the man page:

  PASSWD and NOPASSWD

By default, sudo requires that a user authenticate him or herself before running a
command.  This behavior can be modified via the NOPASSWD tag.  Like a Runas_Spec, the
NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List.
Conversely, the PASSWD tag can be used to reverse things.  For example:

ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the
machine rushmore without authenticating himself.  If we only want ray to be able to run
/bin/kill without a password the entry would be:

ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

Note, however, that the PASSWD tag has no effect on users who are in the group specified
by the exempt_group option.


Also, I'll note that "making an existing bash script run as root" is the beginning of many very sad security tales.

Rather than making the script run as root, allow your user passwordless access to the ( full path of ) the 2 commands in your script.