Sudo from scripts
Jerry Feldman
gaf at blu.org
Mon Nov 17 12:45:59 UTC 2008
On 11/17/2008 12:47 AM, g wrote:
> as a question of curiousness, and 'wat' from svr5 days, have you tried
> giving ownership of script to root?
>
> also, if you want backup to run only after you are logged off, or after
> you have done something needing backup, have script check for 'filename'
> and then delete 'filename' as part of closing. this way, you can run
> 'touch filename' to enable.
My specific solution was to simply run a root cron. But I did test sudo
by disabling "#Defaults requiretty" in /etc/sudoers. Giving root
ownership to a script IMHO is a security issue. Actually, the backup
script probably should have been run as root via a root crontab in the
first place.
The bottom line is that things change as time goes on, and it is
important that one (eg. me) keep up. Subsequently we had the exact same
problem on the Boston Linux server, and as I saw the logs, I let my
partner know about it since he maintains those.
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20081117/10a6e802/attachment-0001.bin
More information about the users
mailing list