Although security conscious people would shun against any means to pipe password into sudo, there is many legitimate reasons why you'd want to do it. All of the reasons have one thing in common: automate a process that requires 'sudo'.
Let me just make up an arbitrary automation example: building a large system that takes several hours, then download and install all necessary driver, finally deploying the new built system on the machine. Part of this automation may require root access.
There are many work-arounds to do that. One of them being 'expect'. But the 'sudo' implementer already anticipated the necessity to automate 'sudo', therefore, has implemented the '-S' flag. Here is the man page quote for the flag:
"The -S (stdin) option causes sudo to read the password from the standard input instead of the terminal device. The password must be followed by a newline character."
Here is the syntax of using it:
echo [password] | sudo -S [command]
I suspect many security conscious folks are jumping up and down, screaming in rage by now. But there are many ways to provide security even when the password is visible in a script. One, you can create a special account that has tightly controlled privileges, such as only being able to execute the automation. If you are a security conscious person, then I bet you can come up with many more solutions to provide security to piping password into 'sudo'.
Did your message disappear? Read the Forums FAQ.
Spam Control | * indicates required field
No TrackBacks yet. TrackBack can be used to link this thread to your weblog, or link your weblog to this thread. In addition, TrackBack can be used as a form of remote commenting. Rather than posting the comment directly on this thread, you can posts it on your own weblog. Then have your weblog sends a TrackBack ping to the TrackBack URL, so that your post would show up here.
Messages, files, and images copyright by respective owners.
39 Users Online
Copyright © 2004 - 2017. All Rights Reserved.