How to disable requiretty for a particular user

You will get an error like this if you execute some commands by "sudo -u username command" in a cron job or something else which doesn't have a tty device associated.
sudo: sorry, you must have a tty to run sudo
An easy solution is to comment out the below line in /etc/sudoers:

Defaults    requiretty
However this is system-wide and might be a security hole, thus we rather disable requiretty for a particular user,

Defaults:username !requiretty
i.e
Defaults:oracle !requiretty    #here we are disabling requiretty for the oracle account/user
SO ULTIMATELY I GUESS THE QUESTION WILL BE "WHAT IS REQUIRETTY?"
requiretty indicates that sudo may be used even if there is no interactive shell/session.
The security impact depends on the system settings. If apache can write to /etc/init.d/httpd or change the behaviour of the init scipt then the attacker can do just about everything.

Leave a Reply

Your email address will not be published. Required fields are marked *