Ask Your Question

Run sudo dnf -y update without password

asked 2018-10-17 10:26:53 -0500

RobR gravatar image

I'm sure this has been answered but I can not find the response anywhere.

I am trying to edit my sudoers file so that anyone can run sudo dnf -y update without entering the sudo password. I have found examples for many other commands but none for this. The goal is to run this at startup so my system always checks for updates (I hate using dragora).

I put this line in sudoers (edited with text editor as root):

ALL localhost = NOPASSWD: 'sudo dnf -y update' (also tried just sudo dnf -y update without the ')

when I try to run the command i get a parse in sudoers at line 99 (where I put this line) error message and it asks for the password. Can I do what I am trying to do? What would the correct syntax be? Can I just automatically have the system run this command in terminal at startup?

I have been running Fedora for about a year now and this is the first issue I have had no luck solving.

Thanks for any help!

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2018-10-17 14:48:30 -0500

sideburns gravatar image

Just to show how versatile bash is, here's a way to do what you want without using sudo: create a file as root, let's say /usr/local/update that looks like this:

#! /bin/bash

dnf -y update

Then, still as root, run chmod /usr/local/update +x, +s /usr/local/update which means that anybody can execute the file as though they were the file's owner, allowing them to update your system without needing to enter a password. (I picked /usr/local because it's on the default path.) Which way you use depends on your own personal taste, of course, but I find the above to be a bit more elegant. YMMV and probably does.

edit flag offensive delete link more


That is not supposed to work as the suid bit should be ignored for scripts.

villykruse gravatar imagevillykruse ( 2018-10-18 00:13:51 -0500 )edit

Well, I'll admit that I haven't actually tried it.

sideburns gravatar imagesideburns ( 2018-10-18 01:47:05 -0500 )edit

"Beware of bugs in the above code; I have only proved it correct, not tried it." Quoted from Donald Knuth

villykruse gravatar imagevillykruse ( 2018-10-18 04:48:36 -0500 )edit

In my defense, Wikipedia says that "many operating systems" ignore the suid bit on scripts, not that all do. Do you happen to know if Fedora Linux does?

sideburns gravatar imagesideburns ( 2018-10-18 17:58:32 -0500 )edit

From man execve:

Linux ignores the set-user-ID and set-group-ID bits on scripts.

I can imagine that support for set-user-id on scripts was supported on 30 year old BSD systems, but not on anything newer than that. The perl language used to have the suidperl trick to gain root provileges, but that has been discontinued long ago.

villykruse gravatar imagevillykruse ( 2018-10-19 01:11:48 -0500 )edit

answered 2018-10-17 12:17:45 -0500

hhlp gravatar image

updated 2018-10-17 12:22:19 -0500

@RobR try this , -> ALL localhost = NOPASSWD: /bin/dnf update or ALL localhost=/bin/dnf updateor even better %user ALL=(ALL) NOPASSWD:/usr/bin/dnf update ->

edit flag offensive delete link more


THANK YOU! Adding the path worked perfectly!

RobR gravatar imageRobR ( 2018-10-17 13:08:16 -0500 )edit

Question Tools

1 follower


Asked: 2018-10-17 10:26:53 -0500

Seen: 557 times

Last updated: Oct 17 '18