Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

Re: send su password in ssh

by ctilmes (Vicar)
on Sep 27, 2010 at 21:53 UTC ( #862310=note: print w/replies, xml ) Need Help??

in reply to send su password in ssh

I agree with the discomfort expressed by sundialsvc4 about doing it at all, but with that caveat, if you do need/want to do it that way, use the SSH facilities to limit the use of the key to come from only a specific IP address, and only allow it to be used to run a specific command.

Replies are listed 'Best First'.
Re^2: send su password in ssh
by sundialsvc4 (Abbot) on Sep 28, 2010 at 01:11 UTC

    I believe that the tool to be used here is sudo.

    If I may hazard a general statement here... I rather think that too many developers “routinely” have access to root.   And they (so to speak) “lazily” write code that “merely assumes it.”   They write code that does things as they would (can...) do it.   And this quickly leads to trouble.

    The “principle of least privilege” needs to apply to every privileged thing that you do.   I happen to think that it is an excellent practice to dictate that no developer shall have access to root.   If you impose that restriction upon them (also building the restriction that “developers have no way to reach the production databases, directories and files,” no matter how loudly they whine), that restriction becomes reflected in their code.   Necessity is the mother of invention.   Even a self-imposed version of that discipline is beneficial.   This point-of-view needs to be something that is “in your blood.”

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://862310]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2021-09-20 09:10 GMT
Find Nodes?
    Voting Booth?

    No recent polls found