passwordless sudo

Reindl Harald h.reindl at thelounge.net
Wed Nov 30 11:46:40 UTC 2011 


Am 30.11.2011 12:37, schrieb Emilio Lopez:
>> I'm trying to set up passwordless sudo for myself
> 
> Im not familiar with sudo, but doing it, sudo without password, is not
> a bad practice that allow any program
> to run anything as root without your knowledge, (calling sudo internally)???

yes it is normally a bad idea

but depends on what the user and script running under this
user are supposed to do - for role-accounts where you have
automatic batch-jobs which should start task as normal
user and needs sudo it is a good thing

[builduser at buildserver:~]$ cat /rpmbuild/SPECS/build-all.sh
#!/bin/bash

DATE_COMPILE_START=$(date "+%d.%m.%Y %H:%M:%S")

source /home/builduser/config.sh
cd /rpmbuild/SPECS/

QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb GeoIP.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/httpd.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_security.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_flvx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bw.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_bwshare.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mod_h264_streaming.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysql.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

./build-all-php.sh

rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmp4v2.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/x264.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/libquicktime.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/lame.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faac.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/faad2.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/a52dec.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libvpx.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/libmpdclient.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/pulsed.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mpdscribble.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/ffmpeg.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/transcode.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/postfix.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/postgrey.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dovecot.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/dbmail-postfix-policyd.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/webalizer-xtended.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mp3info.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iat.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/aespipe.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/mysqltuner.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-reader.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/php-manual-de.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/phpMyAdmin.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-class-std-fast.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-soap-wsdl.spec
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-net-dri.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/perl-IO-Socket-INET6.spec

rpmbuild -bb /home/builduser/rpmbuild/SPECS/netatalk.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/hylafax.spec
rpmbuild -bb /home/builduser/rpmbuild/SPECS/iaxmodem.spec

sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/$RH_ARCH/*.rpm
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

./build-horde.sh
sudo yum --nogpgcheck -y localupdate /home/builduser/rpmbuild/RPMS/noarch/*.rpm

DATE_COMPILE_FINISH=$(date "+%d.%m.%Y %H:%M:%S")
echo ""
echo "-----------------------------------------------"
echo $DATE_COMPILE_START
echo $DATE_COMPILE_FINISH
echo "-----------------------------------------------"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20111130/0967ae36/attachment.bin

More information about the users mailing list