Date: Fri, 01 Dec 2006 08:47:02 -0700
From: Ray Still
To: Alex Zbyslaw
Cc: freebsd-questions@freebsd.org
Subject: Re: Fw: Re: problem with script execution

----- Original Message -----
From: "Alex Zbyslaw"
To: "Ray Still"
Cc:
Sent: Friday, December 01, 2006 8:28 AM
Subject: Re: Fw: Re: problem with script execution

> Ray Still wrote:
>
>>>> Just out of curiosity: What is the "echo * |" supposed to do? From my
>>>> point of view the shell will expand "*" to the list of files and
>>>> directories in PWD, so "echo *" acts like a simple ls in this context.
>>>> This list is piped to sudo. But what does sudo do with these?
>>>
>>> Sorry, I didn't want to show my passwords, so I replaced it with an
>>> asterisk. The password of course is being read from the pipe by sudo
>>> because of the -S option.
>>
> Probably nothing to do with your original problem, but you do know that
> you can allow sudo to execute certain commands without a password?
> Passwords in shell scripts isn't exactly ideal...

I am aware of the security issues, but in this case I think it's the best
option because:

1) anyone who can login to the machine also knows root passwords.
2) this script lives in a directory that is password protected by apache.
3) I don't like the thought of turning off passwords.

So if you can see the script, you won't learn anything you don't already
know. Am I totally out to lunch?

>
> E.g. my sudoers has:
>
> Cmnd_Alias HEALTHD = /usr/local/sbin/healthd
> [...]
> %wheel ALL=(root) NOPASSWD: SMART_STATUS, HEALTHD, MBMON
>
> So anyone in group wheel (me :-)) can execute any of the named commands
> without any password. You can also force the flags that will be passed -
> the sudoers man page has more details.
>
> --Alex
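
Added example, not part of the thread and not either poster's configuration: a sudoers fragment along the lines Alex describes, granting one account passwordless sudo for exactly one command with fixed arguments, so the script no longer has to pipe a password into `sudo -S`. The account name `www` and the script path are assumptions made for illustration.

```sudoers
# Added example. Assumed names (not from the thread):
#   www                            - account the web server runs the script as
#   /usr/local/libexec/site-task   - hypothetical root-owned helper, not
#                                    writable by www
#
# Before, as described in the thread: the script carries the password and
# feeds it to sudo on stdin.
#     echo <password> | sudo -S <command>
#
# After: the script holds no secret and calls
#     sudo -n /usr/local/libexec/site-task --status
# -n makes sudo fail instead of prompting if no NOPASSWD rule matches.

# Arguments written in a command spec must match exactly, which is how the
# flags get forced. "" means the command may be run only with no arguments.
Cmnd_Alias SITE_TASK_STATUS = /usr/local/libexec/site-task --status
Cmnd_Alias SITE_TASK_PLAIN  = /usr/local/libexec/site-task ""

# Only this account, only as root, only these two invocations.
# Passwords stay required for every other sudo use on the machine.
www ALL = (root) NOPASSWD: SITE_TASK_STATUS, SITE_TASK_PLAIN
```

Check the file with `visudo -cf <file>` before installing it; a syntax error in sudoers can lock everyone out of sudo. Avoid `*` wildcards in the argument list, since they let the caller append arbitrary arguments.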