Re: Ruby + SSH + Sudo

< ^ > P N |<>|^_>< --- | ~ ...Help
Sry, was really a backbone answer without thought.

One of the old hazards with using passwords on any kind of command line
is the risk of exposing it. I just never do it to be sure. I do not know
how big the risk really is today with current tools. Good old days was
full of shellscripts with all kind of obscure environment variables and
other crap.

On the other hand i do not see the problem with invoking it password
free, even if it's within a app. Specific account, ssh logon via
embedded pwd or (even better if supported) keyfile. Sudo without
password. Sounds solid to me without the need to risk/expose anything.
And since you ssh anyway, you don't need to stay in the boundaries of
same account.

Well, perhaps a dead horse anyhow, hope the original issue have been
resolved. This is after all not a Ruby-specific issue but rather a linux
 opinion thingy.

Still learning Ruby, and having lots of fun.

/Thomas

Rick DeNatale wrote:
> On 9/15/06, Thomas <notpublic / not.public> wrote:
>> Rick DeNatale wrote:
>> > On 9/8/06, Alex LeDonne <aledonne.listmail / gmail.com> wrote:
>> >> On 9/7/06, Matt Rose <mattrose / folkwolf.net> wrote:
>> >> > there is a way to pass the password in using sudo.  I forget the
>> >> > syntax but the man page should have it.  If you're still curious
>> >> > tomorrow, I'll dig up some code I wrote to do exactly this.
>> >> >
>> >> > Matt
>> >>
>> >> On my system, according to man sudo, -S causes sudo to read the
>> >> password from STDIN.
>> >
>> > Yep, missed that one.
>> >
>> > So:
>> >
>> > echo secretPasswd | ssh -S command...
>> >
>> > should do the trick
>> >
>>
>> And hope no one does a ps -a at the time and get account pwd.
>>
>> Might be best to use separate account with sudo privs without need of
>> pwd.
>>
>> Just my 0.02 cents
>>
> 
> Except this was [implicitly] in the context of executing the command
> from within a program.
> 
> It's an interesting thought though I'm not even sure that it's an
> issue if issued from the command line, this is on linux:
> 
> rick@frodo:/public/rubyscripts$ echo hello world | ruby -e
> "sleep(10);puts readlines.join(' ').chomp" & ps aux | grep hello
> [1] 5136
> rick      5138  0.0  0.1   2876   808 pts/2    S+   16:27   0:00 grep hello
> rick@frodo:/public/rubyscripts$ hello world
> 
> Where the hello world showed up after the command prompt 10 seconds later.
> 
>