[CentOS] sudo add user script

Thu Jul 18 10:48:02 UTC 2013
Mike Burger <mburger at bubbanfriends.org>

Consider using the NOPASSWD option, on the remote systems, to allow this
particular use to run this particular script.
-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1


> Hello list,
>
>  I took another stab at finding a way to add a sudo user remotely and it
> gets you most of the way there. If you execute the script as root it works
> beautifully and does just what you want. Which is add the user  to the
> group and gives that user group rights to certain commands.
>
> But if you execute it as a user who only has sudo access to the
> /etc/sudoers file it errors out.
>
> cloud:~] bluethundr% ./add_sudo.sh
> reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN
> ATTEMPT!
> [sudo] password for bluethundr: Sorry, try again.
> [sudo] password for bluethundr: Sorry, try again.
> [sudo] password for bluethundr: Sorry, try again.
> sudo: 3 incorrect password attempts
> Connection to $host closed.
> 1
> reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN
> ATTEMPT!
> bash: /tmp/sudoers.tmp: Permission denied
> Connection $host to closed.
> 1
>
> The main problem is that the script doesn't enter the password.
>
> I'm attempting to echo the user's sudo pass in like this:
>
> $SSH -t  $USER@$HOST <http://host.jokefire.com/>  'echo $PASSWD | $SUDO -S
> $CP /etc/sudoers /tmp/sudoers-template'
>
>
> (of course I'm trying it out in my own environment before I try to use it
> in their environment).
>
>
> Here' s the script itself, I was hoping you could offer some help here:
>
> #!/bin/bash
>
> SSH='/usr/bin/ssh'
> ECHO='/bin/echo'
> TEE='/usr/bin/tee'
> SUDO='/usr/bin/sudo'
> VISUDO='/usr/sbin/visudo'
> CP='/bin/cp'
> CAT='/bin/cat'
> USER='user'
> HOST='beta'
> PASSWD='secret'
>
>
> $SSH -t  $USER@$HOST <http://host.jokefire.com/> 'echo $PASSWD | $SUDO -S
> $CP /etc/sudoers /tmp/sudoers-template'
>
>    echo $?
>
>      if [ $?  -eq 0  ]; then
>      $SSH -t  $USER@$HOST <http://host.jokefire.com/> 'echo $PASSWD |
> $SUDO
> -S  echo "%my_group  ALL=(root) NOPASSWD:   /sbin/service, /bin/rm,
> /usr/bin/du, /bin/df" > /tmp/sudoers.tmp'
>      echo $?
>
>
>      if [ $? -eq 0 ]; then
>      $SSH -t $USER@$HOST <http://host.jokefire.com/> "echo $PASSWD | $SUDO
> -S $CAT /tmp/sudoers.tmp | $TEE -a /tmp/sudoers-template"
>     echo $?
>
>    if [ $? -eq 0 ]; then
>
>    $SSH  $USER@$HOST <http://host.jokefire.com/>  "$VISUDO -cf
> '/tmp/sudoers-template' 2>&1 >& /dev/null"
>     echo $?
>
>     if [ $? -eq 0 ]; then
>       $SSH -t $USER@$HOST <http://host.jokefire.com/>   "echo $PASSWD |
> $SUDO -S  $CP '/etc/$SUDOers' '/tmp/sudoers.bak'"
>      echo $?
>
>        if [ $?  -eq 0 ]; then
>          $SSH -t $USER@$HOST <http://host.jokefire.com/>   "echo $PASSWD |
> $SUDO -S  $CP '/tmp/$SUDOers-template' '/etc/sudoers'"
>          echo $?
>
>          if [ $?  -eq 0 ]; then
>           $SSH -t $USER@$HOST <http://host.jokefire.com/>   "echo $PASSWD
> |
> $SUDO -S $VISUDO  -cf '/etc/sudoers'"
>
>          fi
>             if [ $?  -eq 0 ]; then
>               $ECHO -e "You have successfully added the user to sudoers"
>             fi
>         fi
>        fi
>     fi
>    fi
> fi
>
>
>
> Thanks!
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>