[CentOS] OT: Scripting with sudo password

Andy Harrison aharrison at gmail.com
Wed Nov 14 21:16:41 UTC 2007

On 11/14/07, James A. Peltier wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
> What are people doing to automate tasks that required sudo passwords in
> order to run?  sudo without a password is not an option for me, but I
> would like to be able to enter the password once have it saved and then
> read back when sudo is required.
> something like
> run_on_all_hosts perform_sudo_command
> script prompts for password
> script launches on all hosts and passes password when required.
> Any examples?

From the man page:

       -S  The -S (stdin) option causes sudo to read the password from
           the standard input instead of the terminal device.

Keep in mind this is still a VERY bad idea.  Anyone can see the
password just by using the ps command.

What I've done before is, on the remote host, set up a script that
runs periodically through cron or as a daemon that looks for files in
a particular directory.  The non-root user on the local machine only
has access to scp some files into their home directory on the remote
host.  So I would just have the remote host watch for files to appear
in this directory and then act accordingly.

--
Andy Harrison
public key: 0x67518262
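
The remote-side watcher described in the message above, as an added example that is not part of the original post: a function meant to be run as root from cron that treats each dropped file as a request name only, never as code to execute. The `.req` names, the commands in the allowlist, the directory and user in the final comment, and the `DRY_RUN` switch are all assumptions made for illustration.

```shell
#!/bin/bash
# Added example: root-side watcher for a drop directory fed by scp.
# Uploaded files are requests by NAME; their contents are never executed.

# Map a request file name to a fixed command (hypothetical allowlist).
action_for() {
    case "$1" in
        restart-httpd.req) echo "/sbin/service httpd restart" ;;
        rotate-logs.req)   echo "/usr/sbin/logrotate -f /etc/logrotate.conf" ;;
        *) return 1 ;;
    esac
}

# process_dropbox DIR OWNER
# Prints one "run:" or "reject:" line per entry found in DIR.
process_dropbox() {
    local dir=$1 owner=$2 req name cmd
    for req in "$dir"/*; do
        [ -e "$req" ] || [ -L "$req" ] || continue   # empty directory
        name=${req##*/}
        # Accept only regular files (symlinks excluded) owned by OWNER.
        if [ -z "$(find "$req" -prune -type f -user "$owner" 2>/dev/null)" ]; then
            echo "reject: $name (not a regular file owned by $owner)"
        elif cmd=$(action_for "$name"); then
            echo "run: $cmd"
            # DRY_RUN=1 only reports; otherwise run the fixed command.
            [ "${DRY_RUN:-0}" = 1 ] || $cmd
        else
            echo "reject: $name (not in allowlist)"
        fi
        # Consume the request so it is handled once; a dropped directory
        # is not removed by rm -f and stays for manual review.
        rm -f -- "$req" 2>/dev/null || true
    done
}

# Cron entry point on the remote host (placeholder path and user):
# process_dropbox /home/deploy/requests deploy
```

Because the command line comes from the allowlist and not from the uploaded file, the unprivileged account can only choose among actions root has already approved.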