Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Nov 2002 23:14:32 +0100
From:      Paul Schenkeveld <fb-isp@psconsult.nl>
To:        Lewis Watson <lists@visionsix.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: su and root password
Message-ID:  <20021114231432.A51618@psconsult.nl>
In-Reply-To: <002701c28b94$c378f4e0$a977ca41@yogi>; from lists@visionsix.com on Wed, Nov 13, 2002 at 10:17:36PM -0600
References:  <002701c28b94$c378f4e0$a977ca41@yogi>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

On Wed, Nov 13, 2002 at 10:17:36PM -0600, Lewis Watson wrote:
> I have a program that ssh's to my machine and needs to do a script that
> calls pw useradd. I do not want to give root ssh ability so how can I make a
> regular user ssh in and utilize pw useradd as root? I have the script and it
> works great as root... I just can't figure out how to get around the
> password prompt for su....
> Please pass me some suggestions.
> Thanks.
> Lewis

If you want to use su behind ssh and did not succeed because su cannot
read a password from /dev/tty then try the -t option of ssh to force
sshd to allocate a pty even if this is not an interactive session:

  $ ssh me@otherhost -t su root -c \'command args ...\'
  me@otherhost's password:
  Password:

The first password prompt is obviously from sshd (it could also be
a passphrase prompt when using public key authentication), the second
password prompt comes from su.

You need the backslashes before the quotes because both the local shell
and the remote shell evaulate the command line and the -c option of su
requires the command and arguments to be in a single shell word (on
FreeBSD at least, I came across su implementations that are a bit more
liberal here).

I use this construction all the time for things I want to execute as
root on another machine because I don't want to set up sudo on every
machine (I'm the only administrator on most machines anyway).

Hope this helps you or someone else.

Paul Schenkeveld, Consultant
PSconsult ICT Services BV

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021114231432.A51618>