Date: Wed, 13 Nov 2002 23:44:05 -0600 From: "Lewis Watson" <lists@visionsix.com> To: "Andrew Thompson" <andy@fud.org.nz>, <freebsd-isp@FreeBSD.ORG> Subject: Re: su and root password Message-ID: <007e01c28ba0$d8587820$a977ca41@yogi> References: <002701c28b94$c378f4e0$a977ca41@yogi> <02Nov14.175625nzdt.119053@homer.fire.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
> >I have a program that ssh's to my machine and needs to do a script that > >calls pw useradd. I do not want to give root ssh ability so how can I make a > >regular user ssh in and utilize pw useradd as root? I have the script and it > >works great as root... I just can't figure out how to get around the > >password prompt for su.... > >Please pass me some suggestions. > >Thanks. > >Lewis > > > > > If you have "PermitRootLogin no" in the config root is still able to log > in using publickey. Then put command="pw useradd..." before the key in > the authorized_keys file. > > > Andy > Hey Everyone! I appreciate all of the excellent suggestions! I actually have several different scripts, all based around pw user commands that will be used. I like the idea of being able to let root do the work but it sounds like I have to have a specific command (i.e. pw useradd) in the authorized_keys file to do this. Maybe I could look at merging them all together and then do 'if then' statements to execute the needed part .... Basically the scripts are a combination of pw user add| delete| mod, pure-ftpd user managemnt, chmod, chown, cp files, and adding virtual hosts config files for apache and doing apachectl commands. One big script to create virtual hosts, another to delete, and another to modify, plus more scripts to add, delete, modify httpd /~user accounts. I also like the idea of being able to hand it off for instant results, ruling out cron. It sounds like sudo is the way to go until I roll all my scripts into one. I have specified only limited hosts that are allowed to ssh to the machine. I will create a dedicated user to do this job. Also, Mark, an example sudoers file would be awesome.... Thanks everyone for the quick help! Lewis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007e01c28ba0$d8587820$a977ca41>