[CentOS] OT: Scripting with sudo password

Thu Nov 15 01:04:46 UTC 2007
James A. Peltier <jpeltier at cs.sfu.ca>

Robert Spangler wrote:
> On Wed November 14 2007 14:41, James A. Peltier wrote:
>>  Completely off topic, but I'm sure someone out there is using scripts
>>  that require a sudo password of some sort, so I'll ask.
>>  What are people doing to automate tasks that required sudo passwords in
>>  order to run?  sudo without a password is not an option for me, but I
>>  would like to be able to enter the password once, have it saved and then
>>  read back when sudo is required.
> Question for you then, why is sudo without a password not an option?

Because it makes the maintenance of our already very large sudoers file
that much more complex.  Many of my users want to be able to do this, not
just one or two.  They want to do it for various tasks, not just some
subset of tasks (i.e. sudo which is outlined here).  I probably should
have been more precise.

> Check the man pages of sudoers.  It is possible to set up a sudo user that is
> only allowed to run a set of commands.  This in effect only allows the user to
> run that one program (or as many as you set up) as sudo and no other.

I was already well aware of that option but it doesn't work here.

> This has to be better than reading a password file that is lying around on a
> disk somewhere.

The password would not be kept on disk as was pointed out in my first 
e-mail.  The user would be prompted *once* for the password which would 
then be passed to any number of tasks.  A good example would be a 
clusterssh session that requires a password to authenticate against some 
software such as sudo.

I think I'm going to have to look into expect or python-pexpect to 
accomplish what I want, but thought I would just put it out there to see 
what others are doing or have done.

James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam at hotmail.com
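
An added example, not part of the original message: one way to prompt once and reuse the password from memory across several sudo invocations, using `sudo -S` so the password travels on stdin rather than on the command line or on disk. The function names and the sample task list are constructed for illustration.

```python
import getpass
import subprocess


def sudo_argv(command):
    """Build the sudo command line for one task.

    -S    read the password from stdin
    -k    ignore cached credentials, so sudo always consumes the password
          line instead of letting it fall through to the command's stdin
    -p "" suppress the prompt text
    """
    if not command:
        raise ValueError("empty command")
    return ["sudo", "-S", "-k", "-p", "", "--"] + list(command)


def run_tasks(password, tasks, runner=subprocess.run):
    """Run each task under sudo, feeding the in-memory password on stdin.

    The password never appears in argv (visible in ps) or in a file.
    `runner` is injectable so the logic can be exercised without sudo.
    Stops at the first failure (e.g. a wrong password) so that one bad
    entry does not produce a burst of failed authentications.
    """
    results = []
    for task in tasks:
        proc = runner(sudo_argv(task), input=password + "\n",
                      text=True, capture_output=True)
        results.append((task, proc.returncode))
        if proc.returncode != 0:
            break
    return results


if __name__ == "__main__":
    # Constructed sample tasks; replace with the real commands.
    tasks = [["id", "-u"], ["ls", "/root"]]
    pw = getpass.getpass("sudo password: ")
    try:
        for task, rc in run_tasks(pw, tasks):
            print(" ".join(task), "->", "ok" if rc == 0 else f"failed ({rc})")
    finally:
        del pw  # drops the reference; Python cannot guarantee zeroed memory
```

If a sudoers rule is `NOPASSWD` for a given command, sudo does not read stdin and the password line reaches the command itself, so this pattern should only wrap commands that actually require authentication.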