[CentOS] OT: Scripting with sudo password

Wed Nov 14 21:16:41 UTC 2007
Andy Harrison <aharrison at gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 11/14/07, James A. Peltier  wrote:
> Completely off topic, but I'm sure someone out there is using scripts
> that require a sudo password of some sort, so I'll ask.
>
> What are people doing to automate tasks that required sudo passwords in
> order to run?  sudo without a password is not an option for me, but I
> would like to be able to enter the password once have it saved and then
> read back when sudo is required.
>
> something like
>
> run_on_all_hosts perform_sudo_command
> script prompts for password
> script lauches on all hosts and passes password when required.
>
> Any examples?

- From the man page:

       -S  The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.



Keep in mind this is still a VERY bad idea.  Anyone can see the
password just by using the ps command.

What I've done before is, on the remote host, set up a script that
runs periodically through cron or as a daemon that looks for files in
a particular directory.  The non-root user on the local machine only
has access to scp some files into their home directory on the remote
host.  So I would just have the remote host watch for files to appear
in this directory and then act accordingly.

- --
Andy Harrison
public key: 0x67518262
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHO2XWNTm8fWdRgmIRAt1LAJ4lxdVRUgC9Y/RU2FVNctJsrIAcWwCfQKP1
M3sfc7NmZs61TWFzw7OMC74=
=I7hj
-----END PGP SIGNATURE-----