[ale] to sudo or not to sudo

Lightner, Jeff JLightner at water.com
Thu Jan 26 10:23:17 EST 2012


The other thing you can do if you start with sudo is include an su in your script so that other commands don't run as root:

sudo script

script has something like:
#!/bin/bash
rootcommand
su - nonrootuser -c otherscript

Since the script is running as root it has permission to su to any other user it wants.  We have many cron jobs we run as root (so don't need to sudo to them) that do the switch user when they get to sections that don't need to be run as root.

Again you have to be sure the script is only editable by root and is in a directory that can only be changed by root.





-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of John Pilman
Sent: Thursday, January 26, 2012 10:07 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] to sudo or not to sudo

On Thu, Jan 26, 2012 at 9:58 AM, leam hall <leamhall at gmail.com> wrote:
> I think so, but try it. write the script with a sudo, and then a line
> afterwards  "touch /tmp/myfile". See who owns /tmp/myfile.

OK, I tried and it is owned by root.
...John

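The requirement in the message above, that the script be editable only by root and live in a directory only root can change, can be checked mechanically. The following is an added example, not code from the original post: it assumes Linux with GNU stat, readlink and dirname, and the function names and the optional UID/TOP arguments are illustrative.

```shell
#!/bin/bash
# Added example (not from the original post). Assumes Linux with GNU stat,
# readlink and dirname. Function names and arguments are illustrative.

# locked_down PATH UID: succeed only if PATH is owned by UID and carries
# no group-write or other-write permission bit.
locked_down() {
    ld_info=$(stat -c '%u %a' -- "$1") || { echo "cannot stat: $1" >&2; return 2; }
    ld_owner=${ld_info% *}
    ld_mode=${ld_info#* }
    if [ "$ld_owner" != "$2" ]; then
        echo "UNSAFE: $1 owned by uid $ld_owner, expected $2" >&2
        return 1
    fi
    # Octal 022 selects the group-write and other-write bits.
    if [ $(( 0$ld_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 has mode $ld_mode (group/other writable)" >&2
        return 1
    fi
    return 0
}

# root_only_chain FILE [UID] [TOP]: check FILE and every directory above it,
# up to TOP (default /). UID defaults to 0 (root). Parent directories matter
# because whoever can write a directory can replace the files inside it.
root_only_chain() {
    chain_path=$(readlink -f -- "$1") || return 2   # resolve symlinks first
    chain_uid=${2:-0}
    chain_top=${3:-/}
    chain_rc=0
    while :; do
        locked_down "$chain_path" "$chain_uid" || chain_rc=1
        if [ "$chain_path" = "$chain_top" ] || [ "$chain_path" = / ]; then
            break
        fi
        chain_path=$(dirname -- "$chain_path")
    done
    return "$chain_rc"
}

# When given arguments, audit that path, e.g.: ./check.sh /usr/local/sbin/script
[ "$#" -eq 0 ] || root_only_chain "$@"
```

Run it against each script named in sudoers or root's crontab; a non-zero exit status means some component of the path is writable by, or owned by, someone other than root.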