On 26-Oct-2007, at 07:50, Chris Pepper wrote:
You can configure sudo not to require a password: "visudo" or
perhaps "sudo visudo" from the command line; then add "Defaults !
authenticate" at the top of the file.
SPECTACULARLY BAD IDEA.
Please, don't even consider doing this. Not only is it horribly
insecure, it makes it trivial for you to accidently hose yourself
completely.
What you do is you write your script and save it; say in /Users/rich/
bin/myscript. make sure the file is marked as executable. Set the
permission on the file to be owned by root and with permissions of 700
(or -rwx------).
Now, us sudo visudo and add a line like this:
rich localhost=/Users/rich/bin/myscript
this will allow the user rich, ONLY when logged in locally, to use
sudo to execute the myscript script with root permissions. This will
still prompt for rich's password. If you ssh into the machine, you
will not be able to run it. So even if someone gets your password,
they can't run it. You can bypass the password prompt by making the
line:
rich localhost=NOPASSWD: /Users/rich/bin/myscript
This will not prompt for a password, but it still only allows rich to
run the script as root with the sudo command, and NOTHING ELSE.
--
Why can't you be in a good mood? How hard is it to decide to be in a
good mood and be in a good mood once in a while?"
--
------------------------------------------------------------------
Have a feature request? Not sure the software's working correctly?
If so, please send mail to <[EMAIL PROTECTED]>, not to the list.
List FAQ: <http://www.barebones.com/support/lists/bbedit_talk.shtml>
List archives: <http://www.listsearch.com/BBEditTalk.lasso>
To unsubscribe, send mail to: <[EMAIL PROTECTED]>
