hmm :"),
sorry i didn mentioned it.. this is a part of a script that does many other things..I want a script not a manualy doing this
And SUDO usage is the thing that guerantees security.. as many of u know giving root direct ssh access is not a good thing..i dont do it too :")
it has to always happen trought other user i.e. log as user X and switch to root only if nececary.
Now sudo is the only secure way to give non-root users some privileges, but not all.
Here comes the next barier i.e. the use of keychain(ssh-askpasswd! and so) which prevents multiple time entering password and doesnt transffer passwords over the wire.
In fact there is no other good secure method for restarting services automaticly via scripts over the network. I searched alot :"). if u know other way pls tell me
So back on the problem SUDO for some reason when ask for a password displays the password at the time I type it.
When I was doing this in shell script I solved the problem by specifyng "-t" switch. (with it the password is not shown while I type it.)
Now this trick doesnt work under perl. And from the responses and from my google search it seem to be really tricky thing...
| [reply] |
Way OT here, but there is a huge difference between using ssh as root and using ssh as a normal user who has sudo privileges.
While the differences are too numerous to mention, it is important to remember root is all-powerful. Period. No questions asked.
sudo is highly configurable as to which user/group can do what. You can fine-tune which user can do X, which group can do Y, etc.
I'll take 1,000 users with sudo privileges over 1,000 users logging in as root any day. At a minimum, I can look at the logs and see who did what, as opposed to thousands of entries showing root logging in, and then one entry where root rm -rf /.
If things get any worse, I'll have to ask you to stop helping me.
| [reply] |
sudo is highly configurable as to which user/group can do what. You can fine-tune which user can do X, which group can do Y, etc.
Agreed, but once I convinced the system admin that I had to do sudo make to compile some program. Having obtained the sudo access, I made a simple Makefile that called a script that modified the sudoer file, and gave me total control of the system. :-)
| [reply] [d/l] |
Given that /etc/sudoers is supposed to be read-only (444), this smacks of an insecure installation.
However, my point was not that sudo is perfection, only that it is far more preferable to allowing root access to ssh.
If things get any worse, I'll have to ask you to stop helping me.
| [reply] |