Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Allow Vagrant sudo-access without password for NFS-setup
#!/bin/bash
# Script for placing sudoers.d files with syntax-checking
if [ -z "$1" ]; then
# Making a temporary file to contain the sudoers-changes to be pre-checked
TMP=$(mktemp)
cat > $TMP <<EOF
Cmnd_Alias VAGRANT_EXPORTS_ADD = /bin/su root -c echo '*' >> /etc/exports
Cmnd_Alias VAGRANT_NFSD = /etc/init.d/nfs-kernel-server restart
Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /bin/sed -e /*/ d -ibak /etc/exports
%admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE
EOF
# Check if the changes we want are OK
visudo -c -f $TMP
if [ $? -eq 0 ]; then
# This computes! Starting up visudo with this script as first parameter
export EDITOR=$0 && export FILE_OK=$TMP && sudo -E visudo -f /etc/sudoers.d/vagrant_sudoers
fi
else
# Copying changes to the visudo-managed tmp-file
cat $FILE_OK | tee -a $1
rm -f $FILE_OK
fi
# Exiting, visudo will check syntax again (which we already know is OK)
@benbor

This comment has been minimized.

Copy link

benbor commented Oct 9, 2014

@beddari, hi
Unfortunately, it doesn't work for MacOS Maveriks:(

./install_vagrant_sudoers.sh: line 7: $TMP: ambiguous redirect
visudo: option requires an argument -- f
usage: visudo [-chqsV] [-f sudoers]
@chadhs

This comment has been minimized.

Copy link

chadhs commented Mar 11, 2015

give adding this a shot when you edit with visudo:

%admin ALL=(root) NOPASSWD: /etc/init.d/nfs-kernel-server restart
@cornelisonc

This comment has been minimized.

Copy link

cornelisonc commented May 21, 2015

@benbor you can fix that by replacing line 6 with this:

TMP=$(mktemp $TMPDIR/$(uuidgen))

@fastzombies

This comment has been minimized.

Copy link

fastzombies commented Oct 26, 2016

How is this supposed to work? EDITOR=$0 causes:
visudo: specified editor (install_vagrant_sudoers.sh) doesn't exist

I can replace $0 with vim but I then get an empty vim shell. I'm trying to use on CentOS7.

@fastzombies

This comment has been minimized.

Copy link

fastzombies commented Oct 26, 2016

So I replace $0 with /usr/bin/vim. Then in vim I :r /tmp/tmp.84SDwQ834 or whatever $TMP is and :wq and now I get /etc/sudoer.d/vagrant_sudoers. However, I still get prompted for sudo with everything.

I'm a bit new to Vagrant so I welcome some tips.

@fastzombies

This comment has been minimized.

Copy link

fastzombies commented Oct 26, 2016

I am also using libvirt. This ended up being the solution:

# Enable passwordless libvirt
pkaction --verbose --action-id org.libvirt.unix.manage

sudo tee /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-access.pkla << 'EOF'

[libvirt Admin Access]
Identity=unix-group:virt
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF

sudo groupadd virt
sudo usermod -aG virt $USER

tee -a ~/.bash_aliases << 'EOF'
if test -x `type -p virsh`; then
    export LIBVIRT_DEFAULT_URI=qemu:///system
fi
EOF
@mcandre

This comment has been minimized.

Copy link

mcandre commented Oct 21, 2017

Hmm, for some reason I still get repeated password prompts for vagrant after running this script.

I'm using macOS Sierra.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.