: :

Add Comment | Related Links | TrackBack
Related Content

Automate 'sudo'

Although security conscious people would shun against any means to pipe password into sudo, there is many legitimate reasons why you'd want to do it. All of the reasons have one thing in common: automate a process that requires 'sudo'.

Let me just make up an arbitrary automation example: building a large system that takes several hours, then download and install all necessary driver, finally deploying the new built system on the machine. Part of this automation may require root access.

There are many work-arounds to do that. One of them being 'expect'. But the 'sudo' implementer already anticipated the necessity to automate 'sudo', therefore, has implemented the '-S' flag. Here is the man page quote for the flag:

"The -S (stdin) option causes sudo to read the password from the standard input instead of the terminal device. The password must be followed by a newline character."

Here is the syntax of using it:

echo [password] | sudo -S [command]

I suspect many security conscious folks are jumping up and down, screaming in rage by now. But there are many ways to provide security even when the password is visible in a script. One, you can create a special account that has tightly controlled privileges, such as only being able to execute the automation. If you are a security conscious person, then I bet you can come up with many more solutions to provide security to piping password into 'sudo'.

Mon, 11 Aug 2014 22:19:26 +0400

Add Comment | Related Links | TrackBack
Related Content

Did your message disappear? Read the Forums FAQ.

Add Comment

Spam Control | * indicates required field
Your Name: *
Remember Me!
Comment: *
File attachment is optional. Please do not attach a file to your submission unless it is relevent.
Attach File:
(20 MB Max)
Spam Protection: * Answer of 8 + 3?
Click button only once, please!


TrackBack only accepted from WebSite-X Suite web sites. Do not submit TrackBacks from other sites.

Send Ping | TrackBack URL | Spam Control

No TrackBacks yet. TrackBack can be used to link this thread to your weblog, or link your weblog to this thread. In addition, TrackBack can be used as a form of remote commenting. Rather than posting the comment directly on this thread, you can posts it on your own weblog. Then have your weblog sends a TrackBack ping to the TrackBack URL, so that your post would show up here.

Messages, files, and images copyright by respective owners.

Articles | Wiki
Forums | Latest | RSS
Library | Links | News
Search | Store | Help

444 Users Online

Hacking Digital Cameras
Fun for Photographers

Amazon Associate

Copyright © 2004 - 2024. All Rights Reserved.