|
From: | Jordi Funollet |
Subject: | Re: [Fab-user] sudo fails every now and again |
Date: | Sun, 04 Dec 2011 13:13:24 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
On 12/02/2011 07:36 PM, Jeff Forcier wrote:
Another alternative is actually to remove the sudo password entirely and give the user running this script (and only that user!) "ALL=(ALL) NOPASSWD: ALL" access. Combined with key-only SSH authentication and proper key management, it grants that user script-friendly admin access without having the user's login password in your code.
You can fine tune still more your sudo rights, which makes more sound avoiding hard-coded passwords at all.
Cmnd_Alias DEPLOY = /usr/sbin/service bind stop, \ /usr/sbin/service bind start, /usr/sbin/service bind restart deploy_user ALL=(ALL) NOPASSWD: DEPLOY -- Jordi Funollet Pujol http://www.linkedin.com/in/jordifunollet
[Prev in Thread] | Current Thread | [Next in Thread] |