LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 03-01-2011, 11:06 AM   #1
japhyr
LQ Newbie
 
Registered: Nov 2009
Posts: 11

Rep: Reputation: 0
Root commands in SSH script


Hello,

I am trying to administer a small group of ubuntu desktops in my classroom. I can use ssh to perform administrative tasks one at a time on each machine, but I want to automate these tasks through a small number of scripts. I am having trouble with running root commands through a script.

On other distros, I think I would simply ssh into the root account, and run the script. But as an ubuntu user, I have only ever used sudo, and folks at ubuntuforums are understandably hesitant to recommend logging in as root. Instead I am seeing suggestions to disable the password requirement for each specific command I want to run, which does not seem like best practice.

Should I enable the root account, give it a password, and ssh to the root account to run the scripts? To be specific, the scripts will do things like install updates, install programs, add or delete users, configure the desktop, etc.

Thank you.
 
Old 03-01-2011, 11:22 AM   #2
vigilandy
Member
 
Registered: Mar 2010
Location: Tokyo
Distribution: Arch, Fedora
Posts: 71

Rep: Reputation: 23
I'm not great at sudo configuration, but you could give a user the right to run some set of commands without needing a password.
 
Old 03-01-2011, 11:27 AM   #3
vigilandy
Member
 
Registered: Mar 2010
Location: Tokyo
Distribution: Arch, Fedora
Posts: 71

Rep: Reputation: 23
something like this may work:
Code:
japhyr ALL=(root)NOPASSWD:/usr/bin/apt-get,/usr/sbin/adduser
 
Old 03-01-2011, 11:59 AM   #4
japhyr
LQ Newbie
 
Registered: Nov 2009
Posts: 11

Original Poster
Rep: Reputation: 0
I might try that, but why the recommendation to work around needing a password? Isn't there a way to log in remotely as a trusted administrative user, through the use of keys, in a way that retains sudo/superuser privileges?
 
Old 03-01-2011, 12:11 PM   #5
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,330

Rep: Reputation: 254Reputation: 254Reputation: 254
Quote:
Originally Posted by japhyr View Post
Isn't there a way to log in remotely as a trusted administrative user, through the use of keys, in a way that retains sudo/superuser privileges?
I suggest to look into the /etc/ssh/sshd_config setting:
Code:
PermitRootLogin without-password
which will only allow the use of ssh keys or
Code:
PermitRootLogin forced-commands-only
and the setting of ForceCommand which could be used to force to run a script with only one or two options taken from the invocation's commandline.
 
Old 03-01-2011, 12:22 PM   #6
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
Quote:
Originally Posted by japhyr View Post
I might try that, but why the recommendation to work around needing a password? Isn't there a way to log in remotely as a trusted administrative user, through the use of keys, in a way that retains sudo/superuser privileges?
You can log in as a trusted administrative user through the use of keys. However, as soon as that trusted administrative user tries to execute something as root via the sudo command, the user will get a password prompt for the sudo command (unless that has been disabled, which isn't a good idea). So if you want to run this in a script, you'll want to set NOPASSWD in the sudoers file for that user and those commands.

Here's where it's helpful to set up a service account that doesn't belong to anyone in particular to do these functions, so then you can lock down your sudo rules to exactly which functions you want to automate.
 
  


Reply

Tags
sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Passing commands through an SSH shell in a bash script buee Linux - Newbie 12 07-01-2010 02:28 AM
script which logs into devices over ssh and executes commands m4rtin Programming 1 03-23-2010 01:51 PM
Running multiple commands remotely via SSH in a script gimpy530 Linux - General 4 12-19-2009 11:22 PM
How to ssh as root to a workstation and then run commands as another user. martinhb Linux - Security 5 06-10-2009 11:04 PM
How to write a script with auto login ssh and then run commands? keber314 Linux - Server 13 02-16-2009 04:37 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 09:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration