On Mon, 2003-06-16 at 19:26, Drew Weaver wrote:
> Ok, well im not trying to be difficult, this script adds/removes/changes
> users in the passwd files. Basically what happens is a cold fusion
> script on our db server contacts the mail server and says hey, add this
> user, with this password, and this perl script does it, and returns an
> OKOK, the perl script runs under apache, im not sure how you make apache
> run sudo before launching the create/delete/modify scripts.
>
> Any advice on this would be appreciated.
>
I use php and have always just used it in either backticks or the
system() function.
here is one that retrieves a file from one of our remote displays and
copies it to a local temp file the user specified is the only one with a
key on the remote computer to allow the copy via scp.
$scpoutput = system("sudo -u exhibitor scp
$display:$output.screen.small.jpeg $localtmpfile 2>&1",$retcode);
you use the command visudo to configure sudo. here is a sample from the
one on the box that allows nobody to run any command as exhibitor
without a password. (yeah it is an old server that runs our internal
web-based app)
nobody ALL=(exhibitor) NOPASSWD:ALL
Here is one that allows a user (exhibitor) cronjob to load a database
with log information after it has down loaded all the logfiles and
summarized them. I happens that I own the db.
exhibitor ALL=(bhughes) NOPASSWD: /usr/local/bin/elevatingloadlog.pl
the command /usr/local/bin/elevatingloadlog.pl is the only one that
exhibitor can run as me.
sudo has lots of grouping functionality that I have never had a real
reason to get into but it is a fantastic tool.
Bret
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
