[CentOS] CentOS Digest, Vol 57, Issue 14

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Oct 15 14:41:16 UTC 2009


> Thanks for the responses.  I think this is what I want to do. I commented
> out
>
>            #Defaults    requiretty
>
> in /etc/sudo.  But what I really wanted to do was just place it in
> VPNUSERS:
>
>      %vpnusers     ALL=NOPASSWD: /sbin/service myciscovpn start, \
>                  /sbin/service myciscovpn stop,  \
>                  /sbin/service myciscovpn status, \
>                  /usr/bin/mycisco, /usr/local/bin/vpnclient
>
> visudo took it but it did not work.  Actually if I could just put it in
> user tony that would be best:
>
>   tony            ALL=(ALL)       NOPASSWD: ALL !requiretty
>
> But that gives a syntax error.  What is the correct way to specify it?

For one, I *hope* that you used visudo, and not just vi.

Second, leave the Defaults: requiretty in, put tony as the very last thing
in the file, and put Defaults: !requiretty just above it.

      mark
>
> -----Original Message-----
>> Well, I noticed that ssh/scp probably requires tty and when called
>> from a script, its not from a tty.
>>
>> At least in my case which was drupal calling a script that lauched
>> ssh, a non tty source.
>>
>> I also required running privileged commands.
>>
>> Mebbe you don't need all this so check your logs and see what happens.
>>
> My last job, I was setting up rsync backups. What I did was create a user,
> backup, then in /etc/sudoers, have !requiretty *only* for that user. The
> user was also limited in what commands it could run (in that case, rsync
> only).
>
> Don't forget to log in as that user first, so that you don't get the "Oh,
> This is a new IP, are you Sure you want to continue connecting?!?!"
>
> mark
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>




More information about the CentOS mailing list