tony.chamberlain at lemko.com
2009-Oct-15 12:31 UTC
[CentOS] CentOS Digest, Vol 57, Issue 14
Thanks for the responses. I think this is what I want to do. I commented out

#Defaults requiretty

in /etc/sudo. But what I really wanted to do was just place it in VPNUSERS:

%vpnusers ALL=NOPASSWD: /sbin/service myciscovpn start, \
    /sbin/service myciscovpn stop, \
    /sbin/service myciscovpn status, \
    /usr/bin/mycisco, /usr/local/bin/vpnclient

visudo took it but it did not work. Actually if I could just put it in
user tony that would be best:

tony ALL=(ALL) NOPASSWD: ALL !requiretty

But that gives a syntax error. What is the correct way to specify it?

-----Original Message-----
> Well, I noticed that ssh/scp probably requires tty and when called
> from a script, it's not from a tty.
>
> At least in my case which was drupal calling a script that launched
> ssh, a non tty source.
>
> I also required running privileged commands.
>
> Mebbe you don't need all this so check your logs and see what happens.
>
My last job, I was setting up rsync backups. What I did was create a user,
backup, then in /etc/sudoers, have !requiretty *only* for that user. The
user was also limited in what commands it could run (in that case, rsync
only).

Don't forget to log in as that user first, so that you don't get the "Oh,
This is a new IP, are you Sure you want to continue connecting?!?!"

mark
> Thanks for the responses. I think this is what I want to do. I commented
> out
>
> #Defaults requiretty
>
> in /etc/sudo. But what I really wanted to do was just place it in
> VPNUSERS:
>
> %vpnusers ALL=NOPASSWD: /sbin/service myciscovpn start, \
>     /sbin/service myciscovpn stop, \
>     /sbin/service myciscovpn status, \
>     /usr/bin/mycisco, /usr/local/bin/vpnclient
>
> visudo took it but it did not work. Actually if I could just put it in
> user tony that would be best:
>
> tony ALL=(ALL) NOPASSWD: ALL !requiretty
>
> But that gives a syntax error. What is the correct way to specify it?

For one, I *hope* that you used visudo, and not just vi. Second, leave the
Defaults: requiretty in, put tony as the very last thing in the file, and
put Defaults: !requiretty just above it.

mark

>
> -----Original Message-----
>> Well, I noticed that ssh/scp probably requires tty and when called
>> from a script, it's not from a tty.
>>
>> At least in my case which was drupal calling a script that launched
>> ssh, a non tty source.
>>
>> I also required running privileged commands.
>>
>> Mebbe you don't need all this so check your logs and see what happens.
>>
> My last job, I was setting up rsync backups. What I did was create a user,
> backup, then in /etc/sudoers, have !requiretty *only* for that user. The
> user was also limited in what commands it could run (in that case, rsync
> only).
>
> Don't forget to log in as that user first, so that you don't get the "Oh,
> This is a new IP, are you Sure you want to continue connecting?!?!"
>
> mark
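
The scoped override discussed in this thread, written out as an added sudoers fragment (not taken from either poster's message): requiretty is a Defaults option rather than a tag like NOPASSWD, so it cannot be appended to a user rule and is instead bound to a user or group with a Defaults entry. The user tony, the group vpnusers and the command paths are the ones named in the thread.

```sudoers
# Added example; user "tony", group "vpnusers" and the command paths
# are the ones named in the thread.

# Keep the global setting on so every other account still needs a tty.
Defaults    requiretty

# Scoped exceptions: a Defaults entry bound to one user or one group.
Defaults:tony        !requiretty
Defaults:%vpnusers   !requiretty

# The privilege rule is separate from the Defaults lines and lists only
# the commands the non-interactive script has to run without a password.
%vpnusers ALL = NOPASSWD: /sbin/service myciscovpn start, \
                          /sbin/service myciscovpn stop, \
                          /sbin/service myciscovpn status, \
                          /usr/bin/mycisco, \
                          /usr/local/bin/vpnclient
```

Edit the file with visudo and run `visudo -c` afterwards to confirm it parses.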