----- Original Message ----- From: "Alex Zbyslaw" <[EMAIL PROTECTED]>
To: "Ray Still" <[EMAIL PROTECTED]>
Cc: <freebsd-questions@freebsd.org>
Sent: Friday, December 01, 2006 8:28 AM
Subject: Re: Fw: Re: problem with script execution


Ray Still wrote:

Just out of curiosity: What is the "echo * |" supposed to do? From my
point of view the shell will expand "*" to the list of files and
directories in PWD, so "echo *" acts like a simple ls in this context.
This list is piped to sudo. But what does sudo do with these?


sorry, I didn't want to show my passwords, so I replaced it with an astrix. the password of course is being read from the pipe by sudo because of the -S option.

Probably nothing to do with your original problem, but you do know that you can allow sudo to execute certain commands without a password? Passwords in shell scripts isn't exactly ideal...

I am aware of the security issues, but in this case I think it's the best option because:

1) any one who can login to the machine also knows root passwords.
2) this script lives in a directory that is password protected by apache.
3) I don't like the thought of turning off passwords.
so if you can see the script, you won't learn anything you don't already know.
am I totally out to lunch?


E.g. my sudoers has:

Cmnd_Alias      HEALTHD = /usr/local/sbin/healthd
[...]
%wheel  ALL=(root)      NOPASSWD: SMART_STATUS, HEALTHD, MBMON

So anyone in group wheel (me :-)) can excecute any of the named commands without any password. You can also force the flags that will be passed - the sudoers man page has more details.

--Alex






--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006 5:07 AM



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to