Sudo in a cron job question

[Tim Wunder]

On 2/19/2003 2:45 PM, someone claiming to be Tim Wunder wrote:
> On 2/19/2003 1:56 PM, someone claiming to be Kurt Wall wrote:
> 
>> Feigning erudition, Tim Wunder wrote:
>>
>> [...]
>>
>> % Um, no. I *am* trying to run the working script via a cron job, as 
>> my % normal user. But it don't work. I've configured sudo so that it 
>> doesn't % ask for a password when my user tries to run 'sudo 
>> checkinstall'. When I % put that in my script and execute it from the 
>> command line, checkinstall % runs and I don't need to enter my 
>> password. When the script is executed % as a cron job, sudo asks for a 
>> password, which never comes, so the % script fails.
>>
>> So, you're using "authenticate NOPASSWD" flag or some such?
>>
> 
> Something like that.. the relevant portion of my /etc/sudoers file
> 
> User_Alias      ADMINS = <myuser>
> Cmnd_Alias      INSTALL = /usr/local/bin/checkinstall -*[A-z]*
> ADMINS  ALL=(ALL)       NOPASSWD: INSTALL
> 
>  > Can you run invoked sudo with the -l option? See the discussion of
>  > "listpw" in the sudoers(5) man page. See also the -v option.
>  >
> 
> I'll look at '-l' and '-v', thanks. I'm a sudo neophyte, so pointers are 
> most welcome.
> 
> <time passes as tim putzes with this and that...>
> 
> Kurt, you're a wonderful person!
> For kicks, I added '/usr/bin/sudo -l >sudo.lst' to my script, which told 
> me that my user could execute the following commands on this host:
>     (ALL) NOPASSWD: /usr/local/bin/checkinstall -*[A-z]*
> 
> which got me thinking... damn, that *is* the command I'm trying to 
> run... then it hit me: I've got the command specified in my script as 
> only 'checkinstall', not '/usr/local/bin/checkinstall'. One quick 
> modification to my script, and there's now joy in Mudville.
> 
> I guess that just goes to show you that explicit should be used in 
> scripts...

er, "explicit paths" even...