Consider using the NOPASSWD option, on the remote systems, to allow this particular user to run this particular script.

--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1

> Hello list,
>
> I took another stab at finding a way to add a sudo user remotely and it
> gets you most of the way there. If you execute the script as root it works
> beautifully and does just what you want. Which is add the user to the
> group and gives that user group rights to certain commands.
>
> But if you execute it as a user who only has sudo access to the
> /etc/sudoers file it errors out.
>
> cloud:~] bluethundr% ./add_sudo.sh
> reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN ATTEMPT!
> [sudo] password for bluethundr: Sorry, try again.
> [sudo] password for bluethundr: Sorry, try again.
> [sudo] password for bluethundr: Sorry, try again.
> sudo: 3 incorrect password attempts
> Connection to $host closed.
> 1
> reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN ATTEMPT!
> bash: /tmp/sudoers.tmp: Permission denied
> Connection $host to closed.
> 1
>
> The main problem is that the script doesn't enter the password.
>
> I'm attempting to echo the user's sudo pass in like this:
>
> $SSH -t $USER@$HOST 'echo $PASSWD | $SUDO -S $CP /etc/sudoers /tmp/sudoers-template'
>
> (of course I'm trying it out in my own environment before I try to use it
> in their environment).
>
> Here's the script itself, I was hoping you could offer some help here:
>
> #!/bin/bash
>
> SSH='/usr/bin/ssh'
> ECHO='/bin/echo'
> TEE='/usr/bin/tee'
> SUDO='/usr/bin/sudo'
> VISUDO='/usr/sbin/visudo'
> CP='/bin/cp'
> CAT='/bin/cat'
> USER='user'
> HOST='beta'
> PASSWD='secret'
>
> $SSH -t $USER@$HOST 'echo $PASSWD | $SUDO -S $CP /etc/sudoers /tmp/sudoers-template'
> echo $?
>
> if [ $? -eq 0 ]; then
>   $SSH -t $USER@$HOST 'echo $PASSWD | $SUDO -S echo "%my_group ALL=(root) NOPASSWD: /sbin/service, /bin/rm, /usr/bin/du, /bin/df" > /tmp/sudoers.tmp'
>   echo $?
>
>   if [ $? -eq 0 ]; then
>     $SSH -t $USER@$HOST "echo $PASSWD | $SUDO -S $CAT /tmp/sudoers.tmp | $TEE -a /tmp/sudoers-template"
>     echo $?
>
>     if [ $? -eq 0 ]; then
>       $SSH $USER@$HOST "$VISUDO -cf '/tmp/sudoers-template' 2>&1 >& /dev/null"
>       echo $?
>
>       if [ $? -eq 0 ]; then
>         $SSH -t $USER@$HOST "echo $PASSWD | $SUDO -S $CP '/etc/$SUDOers' '/tmp/sudoers.bak'"
>         echo $?
>
>         if [ $? -eq 0 ]; then
>           $SSH -t $USER@$HOST "echo $PASSWD | $SUDO -S $CP '/tmp/$SUDOers-template' '/etc/sudoers'"
>           echo $?
>
>           if [ $? -eq 0 ]; then
>             $SSH -t $USER@$HOST "echo $PASSWD | $SUDO -S $VISUDO -cf '/etc/sudoers'"
>           fi
>           if [ $? -eq 0 ]; then
>             $ECHO -e "You have successfully added the user to sudoers"
>           fi
>         fi
>       fi
>     fi
>   fi
> fi
>
> Thanks!
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
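
One way to apply the NOPASSWD suggestion from the reply, as an added example that is not code from the thread: a root-owned helper on each remote host with the group rule hard-coded, so no password is piped over SSH and the caller cannot choose what gets written. The helper path, the `--apply` flag, the `add_rule` function name and the sudoers entry shown in the comments are assumptions; the rule text and the user and host names are taken from the quoted script and output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path (hypothetical):
#   /usr/local/sbin/add_sudo_group_rule   owner root:root, mode 0755
# Assumed sudoers entry on each remote host, letting one user run only this:
#   bluethundr ALL=(root) NOPASSWD: /usr/local/sbin/add_sudo_group_rule --apply
# Remote call, with no password prompt to answer:
#   ssh -t bluethundr@beta sudo /usr/local/sbin/add_sudo_group_rule --apply

# The rule is fixed here (taken from the thread) so the caller cannot inject
# arbitrary sudoers content through a passwordless root command.
RULE='%my_group ALL=(root) NOPASSWD: /sbin/service, /bin/rm, /usr/bin/du, /bin/df'
VISUDO="${VISUDO:-/usr/sbin/visudo}"   # overridable so the logic can be tested

# add_rule FILE RULE: append RULE to FILE only if the result passes visudo -c.
# Returns 0 on success or if already present, 1 on I/O error, 3 on bad syntax.
add_rule() {
    sudoers=$1
    rule=$2
    # Idempotent: do nothing when the exact line is already there.
    grep -qxF -- "$rule" "$sudoers" && return 0
    # Build the candidate next to the target so the final mv is an atomic rename.
    tmp=$(mktemp "$sudoers.XXXXXX") || return 1
    if ! { cat "$sudoers" > "$tmp" && printf '%s\n' "$rule" >> "$tmp" \
           && chmod 0440 "$tmp"; }; then
        rm -f "$tmp"
        return 1
    fi
    # Validate the candidate before it can ever become the live file.
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 3
    fi
    # Keep a backup, then replace the live file in one step.
    cp -p "$sudoers" "$sudoers.bak" && mv -f "$tmp" "$sudoers" && return 0
    rm -f "$tmp"
    return 1
}

# Only the fixed flag is accepted; anything else is a no-op.
if [ "${1:-}" = "--apply" ]; then
    add_rule /etc/sudoers "$RULE"
    exit $?
fi
```

The helper must not be writable by the user named in the NOPASSWD entry, since whoever can edit it can run anything as root.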