On Mon, Oct 31, 2016 at 3:44 PM, Ben Finney <ben+pyt...@benfinney.id.au> wrote: > Note that ‘sudo’ is specifically designed to be invoked interactively, > seeking to verify that the current user has credentials to run the > command. > > Note further that ‘sudo’ will record when the *current user session* > last invoked ‘sudo’ and seek re-verification if that is too long in the > past. > > Both of these are security measures, and are designed to avoid > non-interactive use of ‘sudo’. Rather, it's meant to be used > interactively by a real, present human with credentials to run the > command.
I don't know that non-interactive sudo is so bad a thing. In fact, sudo has a --non-interactive option that appears specifically designed for this kind of thing - it causes the command to fail rather than prompt. You can configure a sudoers file to allow passwordless execution of specific commands, and then permit scripts to elevate privileges in very limited ways, safely. ChrisA -- https://mail.python.org/mailman/listinfo/python-list