[CentOS] OT: Scripting with sudo password
Andy Harrison
aharrison at gmail.com
Wed Nov 14 21:16:41 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/14/07, James A. Peltier wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
>
> What are people doing to automate tasks that required sudo passwords in
> order to run? sudo without a password is not an option for me, but I
> would like to be able to enter the password once have it saved and then
> read back when sudo is required.
>
> something like
>
> run_on_all_hosts perform_sudo_command
> script prompts for password
> script lauches on all hosts and passes password when required.
>
> Any examples?
- From the man page:
-S The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.
Keep in mind this is still a VERY bad idea. Anyone can see the
password just by using the ps command.
What I've done before is, on the remote host, set up a script that
runs periodically through cron or as a daemon that looks for files in
a particular directory. The non-root user on the local machine only
has access to scp some files into their home directory on the remote
host. So I would just have the remote host watch for files to appear
in this directory and then act accordingly.
- --
Andy Harrison
public key: 0x67518262
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHO2XWNTm8fWdRgmIRAt1LAJ4lxdVRUgC9Y/RU2FVNctJsrIAcWwCfQKP1
M3sfc7NmZs61TWFzw7OMC74=
=I7hj
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list