Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Clusterssh, should be the one. But any idea whether it could be scripted to execute some commands as root on a bunch. I cannot do a ssh key exchange for root.
Clusterssh, should be the one. But any idea whether it could be scripted to execute some commands as root on a bunch. I cannot do a ssh key exchange for root.
Cheers!!
You don't need to, as long as there's a remote user who can sudo
either w/o password, or with the same password on all clients.
The beauty of clusterssh is that you can do the "same interactive
command simultaneously on all machines" (of course, that's a danger,
too, if you fat-finger something and e.g. break networking on all
of them in one fell swoop)...
Tink, I don't mind having the root password in a file and feed it into a script, delete it after the activity is done. When i configure sudo, that user will have access to run any script with the name given in the sudoers file. Security guys will not be happy with that isn't it?. What do you think?
All other apps life cfengine, puppet, etc. They need to have a agen running on the clients am i right?. Is it possible for me to push a script and execute them as root in these?.
Tink, I don't mind having the root password in a file and feed it into a script, delete it after the activity is done. When i configure sudo, that user will have access to run any script with the name given in the sudoers file.
Who said? That's certainly not how sudo is normally implemented.
sudo will execute the binary given with full path in sudoers file
if it happens to be in the search PATH of the user. He will not
be able to e.g. make a script called if-down-eth0 in his home and
run that using sudo.
Quote:
Originally Posted by earlysame55
Security guys will not be happy with that isn't it?. What do you think?
No, they wouldn't. Thank the Lord for coders with some brains, though.
The above line means user1 could run the /home/user1/runitnow without any password as root. Am i right ?
Then when this script exists, anyone can run any set of commands as /home/user1/runitnow the script without a problem. This is what i want to stop.
Well... don't put scripts you need to run as root
in users homes, then. Simple as that. Put them
in a shared location like /usr/local/scripts, make
sure that neither the directory nor the script are
world-writable (and that the script is safe, e.g.
won't allow the user to interrupt it and end up on
a root shell; scripts and sudo are a bit of a mixed
bag .... ).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.