Ask Your Question
0

How to securely automate running commands as root with “sudo su -”?

asked 2013-03-26 04:23:59 -0500

newusereze gravatar image

So.. it would be a very easy task to automate running commands via SSH on servers with the root user on server side (in the end we need to run a script from a desktop machine on server side with root user, but running a command automated would be enough to know, from there we could do the thing..).

BUT: the Question is that how to securely automate running commands with root if we have to "sudo su -" first on the server, and give password in it?

UPDATE: modifying the sudoers file is not an option. (maybe puppet can do ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
0

answered 2013-03-26 09:33:44 -0500

jonn gravatar image

Puppet has a number of ways of modifying sudoers - this link describes just one of them. If you can add specific sudoers rules with NOPASSWD, then this might be a way around your problem. (Only you can decide whether this is secure enough for your purposes :)

However, if modifying the sudoers file is not an option, as you suggest it may not be, then you could investigate a tool that lets you drive the command via a pseudo-tty, such as expect. Again, this has security implications that you will probably want to consider quite carefully, especially if the user ID ... (more)

edit flag offensive delete link more
0

answered 2013-03-26 08:27:00 -0500

llowder gravatar image

Puppet isn't really intended for this sort of thing.

If you need to run them on demand, you have two options that I can think of.

The first, setup a series of execs to run the commands, and set them refresh only, and then when you need to run them, use a file resource to trigger a notify to the given commands.

The other is to use some sort of orchestration tool such as MCollective or Capistrano to run the commands. MCO isn't really setup to allow running of arbitrary commands, but you could create an agent for ... (more)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2013-03-26 04:23:59 -0500

Seen: 674 times

Last updated: Mar 26 '13