Run octopi comands like sudo without pasword

sz3bbylA · June 22, 2018, 8:01pm

I just install octopi in ubuntu and problem i got after is my user not run sudo without password like in raspbian
I just try to configure sudo to run octopi without password but without success
sudo visudo
user ALL = NOPASSWD: /home/user/OctoPrint/venv/bin/octoprint

not working!
thank you

Spyder · June 22, 2018, 9:28pm

I think you've got too many things typed in there...

nosudo

OutsourcedGuru · June 22, 2018, 9:52pm

Guy does the following for the OctoPi image on Raspbian. Search that for "sudoers".

sz3bbylA · June 23, 2018, 11:34am

Thank you
Is working
only one problem i have with this but I'm not sure is possible
1 user can reboot system without password
2. user can start and stop any service without password
I'm not sure if visudo or sudoers.d can implement something like this but only for specific program like octoprint and for specific user, any others to not be allowed

I will try to dig a little bit more on this

I appreciate if somebody can tell me how is command shell executed by octoprint on reboot or daemon restart for example to be more clear in mind what i want to do

sz3bbylA · June 23, 2018, 12:09pm

I write again very fast for who is interesting in.

For octoprint daemon is more good:

user ALL=NOPASSWD: /usr/sbin/service octoprint *

this is happen only for octoprint service, not for all services in sistem

For reboot shutdown I think system cannot know from where command is, he know only to execute so

user ALL=NOPASSWD: /sbin/shutdown

thank you again for advice's, example taken from OutsourcedGuru post

I duplicate yesterday by mistake this post with another like
octoprint with user under linux

maybe somebody can delete it

airscapes · June 22, 2018, 11:58pm

Not sure what it will look like on Ubuntu, but on the octopi install the user pi is in the group sudo
root@octopi:~# grep sudo /etc/group
sudo:x:27:pi

Then the group sudo is in the /etc/suders file with allow all

Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL

Should be able to duplicate that in ubuntu I would think

qqgg231 · July 5, 2019, 10:43pm

I removed /root/bin: from /etc/sudoers

But I am still asked for password:

sudo nano /boot/octopi.txt
[sudo] password for pi:

How to solve this?

PrintedWeezl · July 6, 2019, 12:04am

just leave your sudoers file as it is and add

pi ALL=(ALL:ALL) NOPASSWD:ALL

at the end.

OutsourcedGuru · July 7, 2019, 11:13pm

That strikes me as a little dangerous. What if some rogue plugin author (like me perhaps...?) knew that you had this going.

It's better to specifically add a line for what you expect the pi user to need to run as root.

For example:

pi ALL=(ALL) NOPASSWD: /home/pi/oprint/lib/python2.7/site-packages/usbcontrol/bin/uhubctl

qqgg231 · July 9, 2019, 8:22am

@OutsourcedGuru
Somehow on Raspbian no password is required at all out of the box even without pi ALL=(ALL:ALL) NOPASSWD:ALL

What change is made to OctoPi image, so it behaves in this way?

foosel · July 9, 2019, 10:00am

github.com

guysoft/CustomPiOS/blob/a2bff88148c548ed7876d3dc48448fcf48ad5e45/src/modules/password-for-sudo/start_chroot_script

#!/usr/bin/env bash
# password-for-sudo
#
# Reverts Raspbian's default of allowing sudo to be always invoked without having to
# reenter the user's password.
#
# Written by Gina Häußge <gina@octoprint.org>
# GPL V3
########

set -ex

source /common.sh
install_cleanup_trap

# do NOT allow passwordless sudo for all commands for the user pi (taken from raspberrypi-sys-mods postinst script)
[ -f /etc/sudoers.d/010_pi-nopasswd ] && sed -e '/^pi/ s/^#*/#/' -i /etc/sudoers.d/010_pi-nopasswd