Re: OT: Scripting with sudo password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Robert Spangler wrote:

On Wed November 14 2007 14:41, James A. Peltier wrote:


 Completely off topic, but I'm sure someone out there is using scripts
 that require a sudo password of some sort, so I'll ask.

 What are people doing to automate tasks that required sudo passwords in
 order to run?  sudo without a password is not an option for me, but I
 would like to be able to enter the password once have it saved and then
 read back when sudo is required.


Question for you then, why is sudo without a password not an option?
Because it makes the maintanance of our already very large sudoers file that much more complex. Many of my users want to be able to do this not just one or two. They want to do it for various tasks not just some subset of tasks (ie sudo which is outlined here). I probably should have been more precise
Check the man pages of sudoers. It is possible to setup a sudo user that is only allowed to run a set of command. This in effect only allows the user to run that one program (or as many as you setup) as sudo and no other. 

I was already well aware of that option but it doesn't work here.
This has to be better then reading a password file that is lying around on a disk somewhere.
The password would not be kept on disk as was pointed out in my first e-mail. The user would be prompted *once* for the password which would then be passed to any number of tasks. A good example would be a clusterssh session that requires a password to authenticate against some software such as sudo.
I think I'm going to have to look into expect or python-pexpect to accomplish what I want, but thought I would just put it out there to see what others are doing or have done. 

--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier@xxxxxxxxx
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam@xxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux