virtualsue has asked for the wisdom of the Perl Monks concerning the following question:
I have inherited a Perl program which performs a number of operations which require superuser/root privileges. The last thing it does is an ssh out to each of a number of different hosts (specified by the user) and run local copies of the same program on those systems. Currently, this program is run by users via sudo, and the users are expected to set up their own ssh keys to the various hosts which the program will need to access.
scriptname does lots of things...then:

    sudo scriptname -a opt1 -b opt2 -w host1, host2, host3
This works OK when a human is in charge. They enter their password when they start the process, then for every host that the program needs to update. But now we also need to do this automagically, via cron. One condition is that root not be used for this task, as this would require setting up ssh keys for the root user.

I can think of 2 ways to accomplish this in a way that won't have a large impact on the existing code. Assume a special user is created and ssh keys set up for all the hosts ever accessed, and then:

    foreach $dest (@dests) {
        system /usr/local/bin/ssh -l <user> -i <user's ssh identity> -t $dest sudo scriptname opts
    }
- Use sudo -S and provide the password via stdin.
  This will require wrapping the invocation of the program in a script and putting a password in it. Not brilliant, but it does have the minor advantage of being congruent to the command-line usage of the program. sudo also scares people less than setuid (though it probably shouldn't).
- Use a simple, carefully-written C wrapper for the program and make it setuid.
  This has the disadvantage of being 'non-standard', which is annoying. Not as annoying as having to put passwords into scripts, though. It would be easy to weed out non-permitted users here.
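For the second option, a sketch of what such a setuid wrapper has to check, as an added example that is not part of the original post or of the program it describes. The target path and UID 1050 are constructed placeholders, and the argument character set is an assumption based on the option style shown in the post.

```c
/* Setuid-root wrapper sketch. TARGET and ALLOWED_UIDS are placeholders. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET "/usr/local/sbin/scriptname"  /* hypothetical fixed absolute path */

/* Hypothetical allowlist of real UIDs, e.g. the cron service account. */
static const uid_t ALLOWED_UIDS[] = { 1050 };

/* Fixed environment: the caller's PATH, PERL5LIB, etc. never reach the script. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Return 1 if the invoking (real) UID is on the allowlist. */
int uid_permitted(uid_t uid) {
    for (size_t i = 0; i < sizeof ALLOWED_UIDS / sizeof ALLOWED_UIDS[0]; i++)
        if (ALLOWED_UIDS[i] == uid) return 1;
    return 0;
}

/* Return 1 if an argument holds only option/hostname characters. The script
 * later places its options on an ssh command line, so shell metacharacters
 * and whitespace are refused here. */
int arg_safe(const char *s) {
    if (!*s) return 0;
    for (; *s; s++)
        if (!(isalnum((unsigned char)*s) || strchr("-_.,", *s)))
            return 0;
    return 1;
}

int main(int argc, char **argv) {
    if (argc < 1) return 1;              /* empty argv: argv[0] would be the NULL slot */
    if (!uid_permitted(getuid())) {      /* real UID, not the effective one */
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    for (int i = 1; i < argc; i++)
        if (!arg_safe(argv[i])) {
            fprintf(stderr, "rejected argument %d\n", i);
            return 1;
        }
    /* Real UID stays the caller's, so perl starts the script in taint mode. */
    argv[0] = TARGET;
    execve(TARGET, argv, CLEAN_ENV);     /* no shell, no PATH search */
    perror("execve");
    return 127;
}
```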
Replies are listed 'Best First'.
Re: Running Perl program w/root privs via cron
by Corion (Patriarch) on Jun 08, 2002 at 19:42 UTC
by virtualsue (Vicar) on Jun 09, 2002 at 09:44 UTC
Re: Running Perl program w/root privs via cron
by atcroft (Abbot) on Jun 08, 2002 at 19:35 UTC
Re: Running Perl program w/root privs via cron
by Anonymous Monk on Jun 09, 2002 at 06:00 UTC
by virtualsue (Vicar) on Jun 09, 2002 at 11:03 UTC
Re: Running Perl program w/root privs via cron
by thraxil (Prior) on Jun 08, 2002 at 20:16 UTC
Re: Running Perl program w/root privs via cron
by greenFox (Vicar) on Jun 09, 2002 at 06:14 UTC