Fw: Re: problem with script execution

Ray Still rastill at shaw.ca
Fri Dec 1 07:47:03 PST 2006


----- Original Message ----- 
From: "Alex Zbyslaw" <xfb52 at dial.pipex.com>
To: "Ray Still" <rastill at shaw.ca>
Cc: <freebsd-questions at freebsd.org>
Sent: Friday, December 01, 2006 8:28 AM
Subject: Re: Fw: Re: problem with script execution


> Ray Still wrote:
>
>>>> Just out of curiosity: What is the "echo * |" supposed to do? From my
>>>> point of view the shell will expand "*" to the list of files and
>>>> directories in PWD, so "echo *" acts like a simple ls in this context.
>>>> This list is piped to sudo. But what does sudo do with these?
>>>
>>>
>>> sorry, I didn't want to show my passwords, so I replaced it with an 
>>> astrix. the password of course is being read from the pipe by sudo 
>>> because of the -S option.
>>
> Probably nothing to do with your original problem, but you do know that 
> you can allow sudo to execute certain commands without a password? 
> Passwords in shell scripts isn't exactly ideal...

I am aware of the security issues, but in this case I think it's the best 
option because:

1) any one who can login to the machine also knows root passwords.
2) this script lives in a directory that is password protected by apache.
3) I don't like the thought of turning off passwords.
 so if you can see the script, you won't learn anything you don't already 
know.
am I totally out to lunch?

>
> E.g. my sudoers has:
>
> Cmnd_Alias      HEALTHD = /usr/local/sbin/healthd
> [...]
> %wheel  ALL=(root)      NOPASSWD: SMART_STATUS, HEALTHD, MBMON
>
> So anyone in group wheel (me :-)) can excecute any of the named commands 
> without any password.  You can also force the flags that will be passed - 
> the sudoers man page has more details.
>
> --Alex
>
>
>
>
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006 
> 5:07 AM
>
> 



More information about the freebsd-questions mailing list