From: "Lewis Watson"
To: "Andrew Thompson"
Subject: Re: su and root password
Date: Wed, 13 Nov 2002 23:44:05 -0600

> >I have a program that ssh's to my machine and needs to do a script that
> >calls pw useradd. I do not want to give root ssh ability so how can I make a
> >regular user ssh in and utilize pw useradd as root? I have the script and it
> >works great as root... I just can't figure out how to get around the
> >password prompt for su....
> >Please pass me some suggestions.
> >Thanks.
> >Lewis
> >
>
> If you have "PermitRootLogin no" in the config root is still able to log
> in using publickey. Then put command="pw useradd..." before the key in
> the authorized_keys file.
>
> Andy
>

Hey Everyone!
I appreciate all of the excellent suggestions!
I actually have several different scripts, all based around pw user commands that will be used. I like the idea of being able to let root do the work but it sounds like I have to have a specific command (i.e. pw useradd) in the authorized_keys file to do this. Maybe I could look at merging them all together and then do 'if then' statements to execute the needed part ....

Basically the scripts are a combination of pw user add| delete| mod, pure-ftpd user management, chmod, chown, cp files, and adding virtual hosts config files for apache and doing apachectl commands. One big script to create virtual hosts, another to delete, and another to modify, plus more scripts to add, delete, modify httpd /~user accounts.

I also like the idea of being able to hand it off for instant results, ruling out cron. It sounds like sudo is the way to go until I roll all my scripts into one. I have specified only limited hosts that are allowed to ssh to the machine. I will create a dedicated user to do this job.

Also, Mark, an example sudoers file would be awesome....

Thanks everyone for the quick help!
Lewis
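The command= option and the "one script with if/then" idea discussed in this message can be combined in a single dispatcher; the sketch below is an added example, not code posted by anyone in the thread. The script directory, the verb names, the install path and the 16-character username limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command dispatcher. Paths and verb names are hypothetical.
# authorized_keys entry (key material elided):
#   command="/usr/local/sbin/acct-dispatch",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... provisioning
# sshd runs this script for that key regardless of what the client asks for and
# passes the client's requested command line in SSH_ORIGINAL_COMMAND.

LC_ALL=C; export LC_ALL              # make [a-z] ranges byte-exact
SCRIPT_DIR=/usr/local/libexec/acct   # assumption: one script per verb lives here

# resolve REQUEST: on success set $verb and $user, print the command, return 0.
resolve() {
    set -f; set -- $1; set +f        # split on whitespace without globbing
    [ $# -eq 2 ] || return 1         # exactly "<verb> <username>"
    verb=$1 user=$2
    case $verb in                    # allowlist of operations
        user-add|user-del|user-mod|vhost-add|vhost-del|vhost-mod) ;;
        *) return 1 ;;
    esac
    case $user in                    # must start with a letter (never "-")
        [a-z]*) ;;
        *) return 1 ;;
    esac
    case $user in                    # remaining characters from a fixed set
        *[!a-z0-9_-]*) return 1 ;;
    esac
    [ ${#user} -le 16 ] || return 1  # conservative length limit for this example
    printf '%s/%s %s\n' "$SCRIPT_DIR" "$verb" "$user"
}

# Act only when sshd supplied a request; a login without a command gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if resolve "$SSH_ORIGINAL_COMMAND" >/dev/null; then
        logger -t acct-dispatch "accepted: $verb $user"
        exec "$SCRIPT_DIR/$verb" "$user"
    fi
    logger -t acct-dispatch "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

If the key is installed for root, the sshd_config setting "PermitRootLogin forced-commands-only" restricts root logins to keys that carry a command= option.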