1

I need a guru hint.
Here is my sudoers file:

myuser ALL=(root) NOPASSWD: /usr/bin/systemctl start my-service

My problem is that when I run

myuser@machine:~$ /usr/bin/sudo -u root /usr/bin/systemctl start my-service

as CLI logged in user, it works without asking for a password as intended.

But if I run this command from a compiled app written in Go, it will ask me for a password.

here below is my golang code.

func Systemctl(option string, service string) error {
switch option {
case "start":
case "restart":
case "stop":
default:
    return errors.New("invalid option")
}
cmd := exec.Command("/usr/bin/sudo", "-u", "root", "/usr/bin/systemctl", option, service)
out, err := cmd.CombinedOutput()
log.Println(string(out))
cmd.Wait()
if err != nil {
    return err
}
return nil

}

I suspect it's related to running sudo from another shell or something like that. But I don't have any idea how to configure my sudoers file to allow running sudo from my Go code.

Abdulkarim Mousa
  • 21

1 Answers1

1

for this piece of code this workaround did work with me .

No need to do anything in the sudoers file . I've found a work around, and that is to run my command from a bash command .

joins := []string{"/usr/bin/sudo", "-u", "root", " /usr/bin/systemctl", option, service}
objective := strings.Join(joins, " ")
cmd := exec.Command("/bin/bash", "-c", objective)

perfectly worked - after hours of no sleep - as bash command .

but for security reasons I don't want to run string options after a bash shell. It's dangerous to do so if my variables are variables . it might lead to an injection.

I will really appreciate having an answer involving configuring the sudoers file in a secure way without running my commands from a bash shell ?

Abdulkarim Mousa
  • 21