Completely off topic, but I'm sure someone out there is using scripts that require a sudo password of some sort, so I'll ask.

What are people doing to automate tasks that require sudo passwords in order to run? sudo without a password is not an option for me, but I would like to be able to enter the password once, have it saved, and then read back when sudo is required.

something like

run_on_all_hosts perform_sudo_command
script prompts for password
script launches on all hosts and passes password when required.

Any examples?

--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone : 778-782-3610
Fax : 778-782-3045
Mobile : 778-840-6434
E-Mail : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN : subatomic_spam at hotmail.com

On 11/14/07, James A. Peltier wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
>
> What are people doing to automate tasks that require sudo passwords in
> order to run? sudo without a password is not an option for me, but I
> would like to be able to enter the password once, have it saved, and then
> read back when sudo is required.
>
> something like
>
> run_on_all_hosts perform_sudo_command
> script prompts for password
> script launches on all hosts and passes password when required.
>
> Any examples?

From the man page:

-S  The -S (stdin) option causes sudo to read the password from the standard input instead of the terminal device.

Keep in mind this is still a VERY bad idea. Anyone can see the password just by using the ps command.

What I've done before is, on the remote host, set up a script that runs periodically through cron or as a daemon that looks for files in a particular directory. The non-root user on the local machine only has access to scp some files into their home directory on the remote host. So I would just have the remote host watch for files to appear in this directory and then act accordingly.

--
Andy Harrison
public key: 0x67518262
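
The drop-directory approach Andy describes, sketched as an added example that is not part of the thread: a script run from root's crontab that treats each file name as a request for one fixed command and never reads file contents. The account name `deploy`, the job names and the paths are assumptions.

```sh
#!/bin/sh
# Added example: root-side processor for a request directory, run from root's crontab.
# Account name, job names and paths below are assumptions, not from the thread.
SPOOL_OWNER=${SPOOL_OWNER:-deploy}  # unprivileged account that may drop requests
RUNNER=${RUNNER:-}                  # RUNNER=echo prints commands instead of running them

# Map a request name to one fixed command line; unknown names fail.
job_cmd() {
    case $1 in
        restart-web) echo "/sbin/service httpd restart" ;;
        update-pkgs) echo "/usr/bin/yum -y update" ;;
        *) return 1 ;;
    esac
}

process_spool() {
    spool=$1
    for f in "$spool"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        name=${f##*/}
        # find does not follow symlinks here: only a regular file owned by
        # SPOOL_OWNER is printed. The file's contents are never read or run.
        if [ -z "$(find "$f" -prune -type f -user "$SPOOL_OWNER" 2>/dev/null)" ]; then
            echo "rejected (type/owner): $name"
        elif cmd=$(job_cmd "$name"); then
            # Unquoted on purpose: $cmd is one of the fixed strings above.
            if $RUNNER $cmd; then echo "ok: $name"; else echo "failed: $name"; fi
        else
            echo "rejected (unknown job): $name"
        fi
        rm -f -- "$f" 2>/dev/null || echo "could not remove: $name"
    done
}

# Usage from cron: process_spool.sh /home/deploy/requests
if [ "$#" -gt 0 ]; then process_spool "$1"; fi
```

Because only the file name selects the command, changing a file's contents or link target between the check and the run does not change what gets executed.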

On Wed November 14 2007 14:41, James A. Peltier wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
>
> What are people doing to automate tasks that require sudo passwords in
> order to run? sudo without a password is not an option for me, but I
> would like to be able to enter the password once, have it saved, and then
> read back when sudo is required.

Question for you then, why is sudo without a password not an option?

Check the man pages of sudoers. It is possible to set up a sudo user that is only allowed to run a set of commands. This in effect only allows the user to run that one program (or as many as you set up) as sudo and no other. This has to be better than reading a password file that is lying around on a disk somewhere.

> Any examples?

Plenty in the man pages.

--
Regards
Robert

Smile... it increases your face value!

You can use expect (man expect). You can also export the ssh key of a regular user to do remote, then su to root, and put everything in expect.

On 11/14/07, James A. Peltier <jpeltier at cs.sfu.ca> wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
>
> What are people doing to automate tasks that require sudo passwords in
> order to run? sudo without a password is not an option for me, but I
> would like to be able to enter the password once, have it saved, and then
> read back when sudo is required.
>
> something like
>
> run_on_all_hosts perform_sudo_command
> script prompts for password
> script launches on all hosts and passes password when required.
>
> Any examples?

--
sometimes truth is stranger than fiction
-bad religion-
http://www.bloglines.com/blog/mailist