On 12/02/2011 07:36 PM, Jeff Forcier wrote:
Another alternative is actually to remove the sudo password entirely
and give the user running this script (and only that user!) "ALL=(ALL)
NOPASSWD: ALL" access. Combined with key-only SSH authentication and
proper key management, it grants that user script-friendly admin
access without having the user's login password in your code.
You can fine tune still more your sudo rights, which makes more sound
avoiding hard-coded passwords at all.
Cmnd_Alias DEPLOY = /usr/sbin/service bind stop, \
/usr/sbin/service bind start, /usr/sbin/service bind restart
deploy_user ALL=(ALL) NOPASSWD: DEPLOY
--
Jordi Funollet Pujol
http://www.linkedin.com/in/jordifunollet
_______________________________________________
Fab-user mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/fab-user
