Use sudo Command in Non-Interactive Mode

In Linux, the sudo (Super User DO) command is frequently used as a prefix to a command that only superusers are permitted to execute. Any command that has the "sudo" prefix will run with elevated privileges, or in other words, allow a user with the necessary permissions to execute a command in the role of another user, such as the superuser. This is comparable to Windows' "run as administrator" option.

Note Linux commands are case-sensitive.

Default sudo Behavior

To use the sudo command on the majority of contemporary Linux distributions, a user must be a member of the wheel, sudo, or sudoers groups. A single-user system gives its user sudo capabilities by default. Several user accounts on a system or server may prevent some users from having sudo access.

Let's first go over the sudo command's default behavior

$ sudo cp /root/temp1 lecture_class
[sudo] password for tutorials: 

$ ls -l lecture_class
-rw------- 1 root root 12863 Jan 15 13:48 lecture_class

In the above example, we ran the sudo command as tutorials, a regular user. The lecture_class file for root should be copied to the current directory.

Using the -S Option for Non-Interactive Mode

If we need to include the sudo command in a script or want to run it in a non-interactive mode, we can pass the password as a parameter using the -S option.

The -S option makes sudo read the password from standard input instead of the terminal device. Let's examine this option by executing the same command

tutorials$ echo "My Pass" | sudo -S cp /root/temp1 lecture_class
[sudo] password for tutorials: 

tutorials$ ls -l lecture_class
-rw------- 1 root root 12863 Jan 15 13:48 lecture_class

As we can see, the password was piped to stdin. Although the prompt was still there, the sudo command executed the cp command without waiting for our input this time.

Suppressing the Password Prompt

When using the -S option, sudo will write the prompt to standard error (stderr) rather than standard output (stdout). With the aid of redirection, we can quickly disable the password prompt

tutorials$ echo "My password" | sudo -S cp /root/temp1 lecture_class 2>/dev/null

tutorials$ ls -l lecture_class
-rw------- 1 root root 12863 Jan 15 13:48 lecture_class

We use 2>/dev/null to redirect standard error and suppress the password prompt display.

Configuring Passwordless sudo

For certain users or specific commands, you can configure sudo to not ask for a password. This is useful for scripting or automation but should be used carefully due to security implications.

First, switch to the root user

$ su -
# or use the sudo command 
$ sudo -i

Make a backup of your /etc/sudoers file and edit it using visudo

$ cp /etc/sudoers /root/sudoers.bak
# visudo

Add the following line to allow the user "tutorials" to execute specific commands without entering a password

tutorials ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill

Save and exit the file, then test it by running

$ sudo /bin/kill {pid}

Security Considerations

Conclusion

Using sudo in non-interactive mode can be achieved through the -S option for password input via stdin or by configuring passwordless access for specific commands in the sudoers file. While these methods enable automation and scripting, they should be implemented carefully considering the security implications of each approach.