Date: Thu, 14 Nov 2002 23:14:32 +0100 From: Paul Schenkeveld <fb-isp@psconsult.nl> To: Lewis Watson <lists@visionsix.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: su and root password Message-ID: <20021114231432.A51618@psconsult.nl> In-Reply-To: <002701c28b94$c378f4e0$a977ca41@yogi>; from lists@visionsix.com on Wed, Nov 13, 2002 at 10:17:36PM -0600 References: <002701c28b94$c378f4e0$a977ca41@yogi>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Wed, Nov 13, 2002 at 10:17:36PM -0600, Lewis Watson wrote: > I have a program that ssh's to my machine and needs to do a script that > calls pw useradd. I do not want to give root ssh ability so how can I make a > regular user ssh in and utilize pw useradd as root? I have the script and it > works great as root... I just can't figure out how to get around the > password prompt for su.... > Please pass me some suggestions. > Thanks. > Lewis If you want to use su behind ssh and did not succeed because su cannot read a password from /dev/tty then try the -t option of ssh to force sshd to allocate a pty even if this is not an interactive session: $ ssh me@otherhost -t su root -c \'command args ...\' me@otherhost's password: Password: The first password prompt is obviously from sshd (it could also be a passphrase prompt when using public key authentication), the second password prompt comes from su. You need the backslashes before the quotes because both the local shell and the remote shell evaulate the command line and the -c option of su requires the command and arguments to be in a single shell word (on FreeBSD at least, I came across su implementations that are a bit more liberal here). I use this construction all the time for things I want to execute as root on another machine because I don't want to set up sudo on every machine (I'm the only administrator on most machines anyway). Hope this helps you or someone else. Paul Schenkeveld, Consultant PSconsult ICT Services BV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021114231432.A51618>