[CentOS] CentOS Digest, Vol 57, Issue 14

tony.chamberlain at lemko.com tony.chamberlain at lemko.com
Thu Oct 15 13:31:12 UTC 2009


Thanks for the responses.  I think this is what I want to do. I commented out

           #Defaults    requiretty

in /etc/sudo.  But what I really wanted to do was just place it in VPNUSERS:

     %vpnusers     ALL=NOPASSWD: /sbin/service myciscovpn start, \
                 /sbin/service myciscovpn stop,  \
                 /sbin/service myciscovpn status, \
                 /usr/bin/mycisco, /usr/local/bin/vpnclient

visudo took it but it did not work.  Actually if I could just put it in
user tony that would be best:

  tony            ALL=(ALL)       NOPASSWD: ALL !requiretty

But that gives a syntax error.  What is the correct way to specify it?

-----Original Message-----
> Well, I noticed that ssh/scp probably requires tty and when called
> from a script, its not from a tty.
>
> At least in my case which was drupal calling a script that lauched
> ssh, a non tty source.
>
> I also required running privileged commands.
>
> Mebbe you don't need all this so check your logs and see what happens.
>
My last job, I was setting up rsync backups. What I did was create a user,
backup, then in /etc/sudoers, have !requiretty *only* for that user. The
user was also limited in what commands it could run (in that case, rsync
only).

Don't forget to log in as that user first, so that you don't get the "Oh,
This is a new IP, are you Sure you want to continue connecting?!?!"

mark




More information about the CentOS mailing list