[CentOS] remote sudo script

zGreenfelder zgreenfelder at gmail.com
Tue Oct 8 04:47:40 UTC 2013


On Mon, Oct 7, 2013 at 10:51 PM, Tim Dunphy <bluethundr at gmail.com> wrote:

> Hey guys,
>
>
> I'm trying to write a simple bash script that will cp a configuration file
> to a backup (with the date) remotely to a bunch of machines, using sudo
> with ssh.
>
> I notice that if I run the commands individually, they both work (albeit
> with some strange output I'd like to suppress):
>
> [tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S 'cp -v
> /data/solr-4.3.1/zoe/etc/logback.xml /tmp/logback.xml-${i}-$(date
> +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> tcgetattr: Inappropriate ioctl for device
> `/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
>
>
> [tdunphy at MIAGRBISSH01V ~]$ ssh -q -t -t -t MIAGRBIORCA00V  sudo -S 'ls -l
> /home/tdunphy/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> tcgetattr: Inappropriate ioctl for device
> -rw-r--r-- 1 root root 3372 Oct  7 22:07
> /home/tdunphy/logback.xml--20131007.bak
>
> The best part of the above is that I am passing my password (secret_sauce -
> not my real one for obvious reasons) to sudo and having the command
> executed.
>
> One thing I'd like to be able to figure out is how to suppress this
> message, which is a little distracting and useless to the process:
>
> tcgetattr: Inappropriate ioctl for device
>
> But more importantly, when I try to pop the above two working statements
> from the command line into a script, the following occurs:
>
> [tdunphy at MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V
> MIAGRBIORCA1{0..2}V
> >
> > do
> >
> > ssh -q -t -t -t $i sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml
> /tmp/logback.xml-${i}-$(date +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> >
> > ssh -q -t -t -t $i sudo -S 'ls -l  /home/tdunphy/logback.xml-${i}-$(date
> +%Y%m%d).bak' <<EOF
> > secret_sauce
> > EOF
> >
> > done
> tcgetattr: Inappropriate ioctl for device
> `/data/solr-4.3.1/zoe/etc/logback.xml' -> `/tmp/logback.xml--20131007.bak'
> tcgetattr: Inappropriate ioctl for device
> -rw-r--r-- 1 root root 3372 Oct  7 22:07
> /home/tdunphy/logback.xml--20131007.bak
> tcgetattr: Inappropriate ioctl for device
> [sudo] password for tdunphy:
>
> For some reason the <<EOF password EOF routine is not working to provide
> the password to sudo the way I was able to when running the commands
> individually.
>
> Any thoughts on how I should be going about this?
>
>
2 things I'd consider (and yes, before someone starts that 'that's not
nearly secure enough!' debate, 1 isn't great security, but every place has
different levels of acceptable, so it might pass for some while it'd never
fly for others)
1. change your ID/to an ID that doesn't have to supply a password to sudo
commands   e.g. has the NOPASSWD option set in sudoers file.
2. change up to expect.  it's a little wonky and different from other
scripting languages, but it's really made for this sort of thing.

-- 
Even the Magic 8 ball has an opinion on email clients: Outlook not so good.



More information about the CentOS mailing list