[Omaha.pm] Net::SSH::Perl and sudo or su

Anthony Simons webmaster at tvortex.net
Thu Dec 6 16:03:41 PST 2007


K, this doesn't work so well with gmail so I emerged thunderbird :P

Q. So you have to be root to run your bash script?
A. The sudo part is only for the sinfp check.  I have keys for my own
user on the systems.

Q. What does sudo do if you're already root?
A. Won't do anything because there is no root access to the remote host

Q. What is that doing? Is it doing it locally?
A. It is doing it locally...once it determines which OS is running (we
only have 2 different flavors being Solaris or linux) it will be told
where sudo is located.  hmm.....may need to test my theory here for
the Perl method.

Q. So this is our goal, right? To create /etc/serialnumber on the remote host?
A. Absolutely

Q. Why does this work under bash? Do all your remote hosts have
/root/.ssh/authorized_keys files set up to trust root coming from your
local machine?

A. The initial sudo test is to get the sudo running (for sinfp checks)
so I don't have to do it every time. (you'll see why that is done
after the next sentence)  Typically during a session you only have to
run sudo once for something; then it's taken care of your sudo session
for a certain time.
This is actually part 2 of the script...one part has my hosts list and
the other has a csv file with the serialnumbers, asset, tags and other
miscellaneous info, they get cross referenced because the list is mixed
with Windows servers.  That script calls this one for every host.

The functional part of the script runs entirely under my own account;
it ssh's to a box sending along the script it needs to run as part of
the ssh command which includes the sudo commands that the remote host
needs to run.
I'm thinking I should have included line numbers in the code so I
could highlight certain aspects.

#-------------------------------------------------
# Making the connections
#-------------------------------------------------
if [ ${DEBUG} -eq 0 ]; then

    # Here's how this would initially read (run as me, not sudo'd locally):
    #   /usr/bin/ssh "host" "echo -e [the string with all the information
    #   in it] to a serialnumber temp file. THEN 'remote sudo here' move the
    #   temp file to /etc and change its permissions"

    $SSHCMD ${SNFILE[${HOS}]} "echo -e $STR > /tmp/${SNFILE[${HOS}]}.sn; \
        $SUDO mv /tmp/${SNFILE[${HOS}]}.sn /etc/serialnumber; \
        $SUDO chmod 660 /etc/serialnumber"
    RESULT=$?
    if [ ${RESULT} -gt 0 ]; then
        exit 22
    fi
else
    echo "This is what would be sent to ${SNFILE[${HOS}]}!"
    echo -e $STR
fi
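
An added example, not part of the original post: one way to build the remote command so the serial-number string is quoted for the remote shell and no predictable /tmp file sits between the write and the sudo step. The function names are hypothetical; it assumes $SUDO is a single path, that tee is on the remote PATH, and it swaps the post's temp-file-and-mv for a pipe into sudo tee.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Wrap a value in single quotes for the remote shell; an embedded ' becomes '\''.
# Trailing newlines in the value are dropped by the command substitution.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the command string that ssh hands to the remote shell.
#   $1  payload; escapes such as \n are expanded remotely by printf %b,
#       matching what the post's "echo -e" does
#   $2  destination file on the remote host
#   $3  path to sudo on the remote host (assumed to be one word, no options)
# The payload is piped into "sudo tee", so it never lands in a
# world-writable directory under a guessable name.
build_remote_cmd() {
    printf '%s | %s tee %s >/dev/null && %s chmod 660 %s' \
        "printf '%b\\n' $(shquote "$1")" \
        "$(shquote "$3")" "$(shquote "$2")" \
        "$(shquote "$3")" "$(shquote "$2")"
}

# Usage with the post's variables (assumed to be set by the calling script):
#   $SSHCMD "${SNFILE[${HOS}]}" \
#       "$(build_remote_cmd "$STR" /etc/serialnumber "$SUDO")"
```

Because every value is single-quoted before it reaches the remote shell, characters such as ;, $( ) and backticks in the CSV-derived string are written to the file as data.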



