Consider using the NOPASSWD option, on the remote systems, to allow this particular use to run this particular script. -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1 > Hello list, > > I took another stab at finding a way to add a sudo user remotely and it > gets you most of the way there. If you execute the script as root it works > beautifully and does just what you want. Which is add the user to the > group and gives that user group rights to certain commands. > > But if you execute it as a user who only has sudo access to the > /etc/sudoers file it errors out. > > cloud:~] bluethundr% ./add_sudo.sh > reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN > ATTEMPT! > [sudo] password for bluethundr: Sorry, try again. > [sudo] password for bluethundr: Sorry, try again. > [sudo] password for bluethundr: Sorry, try again. > sudo: 3 incorrect password attempts > Connection to $host closed. > 1 > reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN > ATTEMPT! > bash: /tmp/sudoers.tmp: Permission denied > Connection $host to closed. > 1 > > The main problem is that the script doesn't enter the password. > > I'm attempting to echo the user's sudo pass in like this: > > $SSH -t $USER@$HOST <http://host.jokefire.com/> 'echo $PASSWD | $SUDO -S > $CP /etc/sudoers /tmp/sudoers-template' > > > (of course I'm trying it out in my own environment before I try to use it > in their environment). > > > Here' s the script itself, I was hoping you could offer some help here: > > #!/bin/bash > > SSH='/usr/bin/ssh' > ECHO='/bin/echo' > TEE='/usr/bin/tee' > SUDO='/usr/bin/sudo' > VISUDO='/usr/sbin/visudo' > CP='/bin/cp' > CAT='/bin/cat' > USER='user' > HOST='beta' > PASSWD='secret' > > > $SSH -t $USER@$HOST <http://host.jokefire.com/> 'echo $PASSWD | $SUDO -S > $CP /etc/sudoers /tmp/sudoers-template' > > echo $? > > if [ $? -eq 0 ]; then > $SSH -t $USER@$HOST <http://host.jokefire.com/> 'echo $PASSWD | > $SUDO > -S echo "%my_group ALL=(root) NOPASSWD: /sbin/service, /bin/rm, > /usr/bin/du, /bin/df" > /tmp/sudoers.tmp' > echo $? > > > if [ $? -eq 0 ]; then > $SSH -t $USER@$HOST <http://host.jokefire.com/> "echo $PASSWD | $SUDO > -S $CAT /tmp/sudoers.tmp | $TEE -a /tmp/sudoers-template" > echo $? > > if [ $? -eq 0 ]; then > > $SSH $USER@$HOST <http://host.jokefire.com/> "$VISUDO -cf > '/tmp/sudoers-template' 2>&1 >& /dev/null" > echo $? > > if [ $? -eq 0 ]; then > $SSH -t $USER@$HOST <http://host.jokefire.com/> "echo $PASSWD | > $SUDO -S $CP '/etc/$SUDOers' '/tmp/sudoers.bak'" > echo $? > > if [ $? -eq 0 ]; then > $SSH -t $USER@$HOST <http://host.jokefire.com/> "echo $PASSWD | > $SUDO -S $CP '/tmp/$SUDOers-template' '/etc/sudoers'" > echo $? > > if [ $? -eq 0 ]; then > $SSH -t $USER@$HOST <http://host.jokefire.com/> "echo $PASSWD > | > $SUDO -S $VISUDO -cf '/etc/sudoers'" > > fi > if [ $? -eq 0 ]; then > $ECHO -e "You have successfully added the user to sudoers" > fi > fi > fi > fi > fi > fi > > > > Thanks! > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >