How many servers are involved? What are their Operating Systems - Solaris, AIX, Linux? If Linux, which distribution(s)?
How often are you likely to repeat this deployment? Once per server? Monthly/annually per server?
Personally, although others may disagree with me, I would use SSH to login directly as root on the server, removing the need for step three. But the best solution for you really depends on the answers you give to the above questions.
I agree with apmcd47's direction. You can set up ssh keys for the root user. This has some security issues. As you describe it, your ssh configuration probably does not allow root to login directly, which is definitely more secure.
Your described approach with echo is not secure. Period. root passwords do not belong in scripts.
The below stuff is a model, a suggestion. You need to change it. No sudo needed.
If you do not want to undo security consider a different model from your base proposal.
Create a directory off root: /venkidhadha, maybe with 1700 permissions, definitely 700, owned by venkidhadha user. That username (or whatever name you use) has to exist on every remote box.
Leave the directory EMPTY.
Write a simple script executed by the root user's crontab, and have it run once a day, or once every hour - whatever:
crontab that runs at 1:00 am once a day:
The above script needs some tweaking, but you need to keep track of what has been executing, maybe send email. Changing the owner to root means you cannot use duplicate script names because this:
is what you execute to get the script to run as root on the remote side.
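A sketch of the root-side cron runner for the drop-directory model described in this post, given as an added example; it is not the poster's script. It goes beyond the post by validating each dropped file before running it. The staging directory, log path, `--run` flag and script location are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: root-side runner for the drop-directory model.
# Hypothetical names, all overridable: DROP_DIR, DROP_UID, RUN_DIR, LOG.
# Root crontab entry (1:00 am daily): 0 1 * * * /usr/local/sbin/droprun.sh --run
DROP_DIR="${DROP_DIR:-/venkidhadha}"
DROP_UID="${DROP_UID:-$(id -u venkidhadha 2>/dev/null || true)}"
RUN_DIR="${RUN_DIR:-/var/lib/droprun}"    # must be root-owned, mode 700
LOG="${LOG:-/var/log/droprun.log}"

# Accept only a regular, non-symlink file owned by the drop user that is
# not group- or world-writable (GNU stat assumed).
is_acceptable() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$DROP_UID" ] || return 1
    case "$(stat -c %a "$1")" in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Move each dropped file out of the user's reach first, validate it there,
# copy it to a fresh inode under a unique name, run it, and log the result.
# Prints the number of scripts that were run.
process_drop_dir() {
    ran=0
    for f in "$DROP_DIR"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=$(basename "$f")
        staged="$RUN_DIR/$name.staged"
        mv -f "$f" "$staged" || continue
        if is_acceptable "$staged"; then
            job="$RUN_DIR/$(date +%Y%m%dT%H%M%S).$$.$name"
            cat "$staged" > "$job" && chmod 500 "$job"
            rc=0
            "$job" >> "$LOG" 2>&1 || rc=$?
            echo "$(date) ran $name rc=$rc" >> "$LOG"
            ran=$((ran + 1))
        else
            echo "$(date) REJECTED $name" >> "$LOG"
        fi
        rm -f "$staged"
    done
    echo "$ran"
}

if [ "${1:-}" = "--run" ]; then process_drop_dir > /dev/null; fi
```

Anything the drop user places in the directory still runs as root, so that account has to be protected as carefully as root itself.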
I saw an option with sudo -S (where the input is not taken from terminal):
echo -e 'password' | sudo -S su root
Whenever you find yourself trying to do echo password | secure_tool or secure_tool 'commandline password' now is the time to rethink your strategy, as in the 21st century, no security system will accept a stored password without a fight.
There are two ways forward.
Install insecure, third-party cracking tools which will make the path of maximum resistance just barely possible.
Try some other way.
Quote:
I am not fine with editing the sudoers file as anyone can then login with this id without password.
Only if you allow sudoers to allow anyone to login to this id without a password. You can also tell sudo to only let some or one ID do so. Or only let someone in a particular group do so. Or both.
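One way to apply the restriction described in this reply, as an added example that is not part of the original thread: a script that renders a sudoers drop-in limited to one user and one group, and validates it with `visudo -cf` before installing it. The function names, the account and group names in the usage comment, and the script path are all constructed.

```shell
#!/bin/sh
# Added example. Constructed usage:
#   install_rule deployer deployers appsvc /opt/app/bin/run_report.sh

# Emit a sudoers rule pair: ONE user may run ONE command (no arguments,
# hence the "") as the target account without a password; members of ONE
# group may run it too, but must still authenticate.
render_rule() {   # render_rule USER GROUP RUNAS COMMAND
    printf '%s ALL=(%s) NOPASSWD: %s ""\n' "$1" "$3" "$4"
    printf '%%%s ALL=(%s) PASSWD: %s ""\n' "$2" "$3" "$4"
}

# Refuse names that could smuggle extra sudoers syntax into the rule.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Absolute path made of plain characters only.
valid_command() {
    case $1 in
        ''|[!/]*|/*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
}

# Validate with visudo before installing, so a typo cannot break sudo.
install_rule() {  # install_rule USER GROUP RUNAS COMMAND (run as root)
    valid_name "$1" && valid_name "$2" && valid_name "$3" || return 1
    valid_command "$4" || return 1
    tmp=$(mktemp) || return 1
    render_rule "$@" > "$tmp"
    rc=0
    { visudo -cf "$tmp" &&
      install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$1-$3"; } || rc=$?
    rm -f "$tmp"
    return $rc
}
```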