12-14-2008
How to securely invoke a Solaris privildged command (root) remotely?
Hi,
What I would like to do "securely" is the following.
From one central server invoke a script that does the following.
--Store user/name passwords. (password possibly encrypted in config file)
--From the central server invoke a privileged command (i.e. route add) on multiple servers.
High-level Steps:
1. User logs in Central Server
2. User Invokes "the script"
3. "The Script" --> SSH to <server(s)>, script invokes "privileged command", User has sudo-access to the "privileged command" only (everything should be logged).
Question:
What security issues can I potentially have with the above approach?
Is there other obvious (standard??) way to invoke privileged commands remotely that do not require some sort of agent running on each server? (Do I need an agent on each box??)
Would the new feature of Solaris 10 privileges help me in any way?
Your thoughts/advice on the above would be greatly appreciated.
Thanks
Sam
9 More Discussions You Might Find Interesting
1. Solaris
Hello - Could you please let me know where do I get the installer for installing netbackup on solaris 10 X86 ? along with the instructions?
Thank you. (1 Reply)
Discussion started by: panchpan
1 Replies
2. Solaris
Ok,
I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality).
If I chose the minimal install I have little if no utilities to do work on the box.
My question is what installation method do most admins take?
... (7 Replies)
Discussion started by: liven
7 Replies
3. UNIX for Advanced & Expert Users
i'm trying to change passwd remotely in unix (solaris) and tried using "expect" but it is not working.
Any ideas to change the passwd remotely using a shell script? (1 Reply)
Discussion started by: pharos467
1 Replies
4. Shell Programming and Scripting
Hi All ,
i am trying to switch user (from unix1 to unix 2 ) The user will give me the input and also the password . also how can i login into with the password . itried several attempts . no luck
Can any one help on this !!! (4 Replies)
Discussion started by: raghav1982
4 Replies
5. Shell Programming and Scripting
Hi,
I have startup shell script called "xxxxx" for Jboss server which is taking more than expected timeline to complete the process, here I want to use the fork command to start the child process for non dependent component
I have a scheduler called "yyyy" which is currently getting invoked... (2 Replies)
Discussion started by: harish76
2 Replies
6. Shell Programming and Scripting
Hi All,
Hope you all doing well...!!!
First of all i will like to share few information about my network.
I have a network of 50 solaris servers sample IPs are (10.2.135.1 to 10.2.135.50)..
i have created trust for root user of servers 1(10.2.135.1) in all other servers, that is i have shared... (4 Replies)
Discussion started by: varunksharma87
4 Replies
7. Solaris
I have installed Solaris 11 Express on my machine. I have problems trying to reboot the computer remotely.
When I log to the local console as the root-user and run
reboot
everything is fine.
But when I log in remotely from a Windows machine using putty and do the same, the computer... (3 Replies)
Discussion started by: RychnD
3 Replies
8. Shell Programming and Scripting
Hi,
I have an command which find the files modified within last 3 days and then after selecting the files from the location it make the tar format and send it to the specified destination ...now I want that this task to be automative ..that is it should happen after every 5 minutes ..plz guide me... (5 Replies)
Discussion started by: Neera
5 Replies
9. Solaris
Hi everyone,
I have a Solaris machine:
SunOS 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T5220
After reboot, I can't ssh to this machine. Error message:
ssh: connect to host xxxx port 22: Connection refused
It seems ssh daemon is not running, but I don't have... (5 Replies)
Discussion started by: Zaiwen Gong
5 Replies
LEARN ABOUT DEBIAN
condor_store_cred
condor_store_cred(1) General Commands Manual condor_store_cred(1)
Name
condor_store_cred securely - stash a password
Synopsis
condor_store_cred [-help]
condor_store_credadd[ -c | -u username] [-p password] [-n machinename] [-f filename]
condor_store_creddelete[ -c | -u username] [-n machinename]
condor_store_credquery[ -c | -u username] [-n machinename]
Description
condor_store_credstores passwords in a secure manner. There are two separate uses of condor_store_cred:
1. A shared pool password is needed in order to implement the PASSWORD authentication method. condor_store_cred using the -coption
deals with the password for the implied condor_pool@$(UID_DOMAIN) user name.
On a Unix machine, condor_store_cred with the -foption is used to set the pool password, as needed when used with the PASSWORD authen-
tication method. The pool password is placed in a file specified by the SEC_PASSWORD_FILE configuration variable.
2. In order to submit a job from a Windows platform machine, or to execute a job on a Windows platform machine utilizing the run_as_own-
erfunctionality, condor_store_cred stores the password of a user/domain pair securely in the Windows registry. Using this stored pass-
word, Condor may act on behalf of the submitting user to access files, such as writing output or log files. Condor is able to run jobs
with the user ID of the submitting user. The password is stored in the same manner as the system does when setting or changing account
passwords.
Passwords are stashed in a persistent manner; they are maintained across system reboots.
The addargument on the Windows platform stores the password securely in the registry. The user is prompted to enter the password twice for
confirmation, and characters are not echoed. If there is already a password stashed, the old password will be overwritten by the new pass-
word.
The deleteargument deletes the current password, if it exists.
The queryreports whether the password is stored or not.
Options
-c
Operations refer to the pool password, as used in the PASSWORD authentication method.
-f filename
For Unix machines only, generates a pool password file named filenamethat may be used with the PASSWORD authentication method.
-help
Displays a brief summary of command options.
-n machinename
Apply the command on the given machine.
-p password
Stores password, rather than prompting the user to enter a password.
-u username
Specify the user name.
Exit Status
condor_store_credwill exit with a status value of 0 (zero) upon success, and it will exit with the value 1 (one) upon failure.
Author
Condor Team, University of Wisconsin-Madison
Copyright
Copyright (C) 1990-2012 Condor Team, Computer Sciences Department, University of Wisconsin-Madison, Madison, WI. All Rights Reserved.
Licensed under the Apache License, Version 2.0.
See the Condor Version 7.8.2 Manualor http://www.condorproject.org/licensefor additional notices. condor-admin@cs.wisc.edu
September 2012 condor_store_cred(1)