Re: passwordless sudo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 30.11.2011 12:37, schrieb Emilio Lopez:
>> I'm trying to set up passwordless sudo for myself
> 
> Im not familiar with sudo, but doing it, sudo without password, is not
> a bad practice that allow any program
> to run anything as root without your knowledge, (calling sudo internally)???

yes it is normally a bad idea

but depends on what the user and script running under this
user are supposed to do - for role-accounts where you have
automatic batch-jobs which should start task as normal
user and needs sudo it is a good thing

[builduser@buildserver:~]$ cat /rpmbuild/SPECS/build-all.sh
#!/bin/bash

DATE_COMPILE_START=$(date "+%d.%m.%Y %H:%M:%S")

source /home/builduser/config.sh
cd /rpmbuild/SPECS/

QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb GeoIP.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/httpd.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_security.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_flvx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bw.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bwshare.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_h264_streaming.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysql.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

./build-all-php.sh

rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmp4v2.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/x264.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/libquicktime.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/lame.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faac.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faad2.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/a52dec.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libvpx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmpdclient.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/pulsed.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpdscribble.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/ffmpeg.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/transcode.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/postfix.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/postgrey.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dovecot.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail-postfix-policyd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/webalizer-xtended.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mp3info.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iat.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/aespipe.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysqltuner.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-reader.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-manual-de.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/phpMyAdmin.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-class-std-fast.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-soap-wsdl.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-net-dri.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-IO-Socket-INET6.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/netatalk.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/hylafax.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iaxmodem.spec

sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

./build-horde.sh
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

DATE_COMPILE_FINISH=$(date "+%d.%m.%Y %H:%M:%S")
echo ""
echo "-----------------------------------------------"
echo $DATE_COMPILE_START
echo $DATE_COMPILE_FINISH
echo "-----------------------------------------------"

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux