From owner-freebsd-questions@FreeBSD.ORG Thu Nov 29 05:12:36 2007
Message-ID: <1d3ed48c0711282112g389407ddyed367561910adfe4@mail.gmail.com>
Date: Wed, 28 Nov 2007 21:12:33 -0800
From: "Kevin Downey"
To: "Olivier Nicole"
In-Reply-To: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>
Cc: freebsd-questions@freebsd.org
Subject: Re: Secure remote shell

On Nov 28, 2007 8:28 PM, Olivier Nicole wrote:
> Hi,
>
> Part of (un)registering users on my system consists in connecting to
> various servers to add the user account to some services:
>
> Registering users is done via a web page, and the web server will
> remote execute a script on the mail server to add the users in the
> aliases and run newaliases, remote execute a script to the radius
> server to add the user in the radius tables and restart radius, etc.
>
> Of course all the remote execution should be done as root :(
>
> So far, one specific user from the web server can rsh -l root to the
> various other servers to do what needs to be done. But this is not
> quite satisfactory.
>
> What other solution would you suggest to execute a shell remotely as
> root, that could be automated in a script (no password required)?
>
> Best regards,
>
> Olivier

ssh using key authentication and sudo configured to allow a certain
user to run the needed commands and only the needed commands as root.

http://www.gratisoft.us/sudo/
http://sial.org/howto/openssh/publickey-auth/

-- 
The Mafia way is that we pursue larger goals under the guise of
personal relationships.
    Fisheye
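
A sketch of the setup suggested in the reply, added here as an example and not part of the original message. It goes one step further than the reply by pinning the ssh key to a forced-command wrapper that validates each request before handing it to sudo. The account name `provision`, the wrapper path, the two script paths and the request words `add-alias` / `del-alias` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical: account "provision",
# wrapper /usr/local/libexec/provision-gate, the two scripts in /usr/local/sbin.
#
# sudoers on the mail server (edit with visudo); only these two commands:
#   provision ALL = (root) NOPASSWD: /usr/local/sbin/add-mail-alias, \
#                                    /usr/local/sbin/del-mail-alias
# sudoers puts no limit on the arguments here, so the wrapper checks them.
#
# ~provision/.ssh/authorized_keys; the key can only ever start the wrapper:
#   command="/usr/local/libexec/provision-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <key-type> <public-key> web-provision
LC_ALL=C   # keep [a-z] ASCII-only in the patterns below

# gate REQUEST: print the one command line REQUEST may run, or return 1.
gate() {
    set -f              # no filename expansion while splitting the request
    set -- $1           # split into words; the text is never eval'ed
    set +f
    [ "$#" -eq 2 ] || return 1
    action=$1
    user=$2
    # Login name: lowercase letter first, then a-z 0-9 _ -, at most 16 chars.
    case $user in
        [!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#user}" -le 16 ] || return 1
    case $action in
        add-alias) echo "/usr/local/sbin/add-mail-alias $user" ;;
        del-alias) echo "/usr/local/sbin/del-mail-alias $user" ;;
        *) return 1 ;;
    esac
}

# Entry point: sshd sets SSH_ORIGINAL_COMMAND to what the client asked for.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if cmd=$(gate "$SSH_ORIGINAL_COMMAND"); then
        exec sudo -n $cmd     # -n: fail instead of prompting for a password
    fi
    logger -p auth.warning "provision-gate: request refused"
    exit 1
fi
```

With this in place the web server's script calls `ssh provision@mailhost add-alias jdoe` (host name hypothetical), and no root login over rsh or ssh is needed.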