passwordless sudo
Reindl Harald
h.reindl at thelounge.net
Wed Nov 30 11:46:40 UTC 2011
Am 30.11.2011 12:37, schrieb Emilio Lopez:
>> I'm trying to set up passwordless sudo for myself
>
> Im not familiar with sudo, but doing it, sudo without password, is not
> a bad practice that allow any program
> to run anything as root without your knowledge, (calling sudo internally)???
yes it is normally a bad idea
but depends on what the user and script running under this
user are supposed to do - for role-accounts where you have
automatic batch-jobs which should start task as normal
user and needs sudo it is a good thing
[builduser at buildserver:~]$ cat /rpmbuild/SPECS/build-all.sh
#!/bin/bash
DATE_COMPILE_START=$(date "+%d.%m.%Y %H:%M:%S")
source /home/builduser/config.sh
cd /rpmbuild/SPECS/
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb GeoIP.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/httpd.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_security.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_flvx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bw.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bwshare.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_h264_streaming.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysql.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
./build-all-php.sh
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmp4v2.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/x264.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libquicktime.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/lame.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faac.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faad2.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/a52dec.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libvpx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmpdclient.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/pulsed.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpdscribble.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/ffmpeg.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/transcode.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/postfix.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/postgrey.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dovecot.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail-postfix-policyd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/webalizer-xtended.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mp3info.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iat.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/aespipe.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysqltuner.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-reader.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-manual-de.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/phpMyAdmin.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-class-std-fast.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-soap-wsdl.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-net-dri.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-IO-Socket-INET6.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/netatalk.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/hylafax.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iaxmodem.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
./build-horde.sh
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm
DATE_COMPILE_FINISH=$(date "+%d.%m.%Y %H:%M:%S")
echo ""
echo "-----------------------------------------------"
echo $DATE_COMPILE_START
echo $DATE_COMPILE_FINISH
echo "-----------------------------------------------"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20111130/0967ae36/attachment.bin
More information about the users
mailing list