executing sudo from ruby

A

anansi

hi,
I wanna execute in a script of mine commands like: "sudo apt-get clean"
or "sudo nano /etc/X11/xorg.conf". The difference is:

The first command needs to be executed without influence to the main
process of the ruby scipt. It should simply be started as a second
process totally independent from the ruby-script which invokes it.
I think system("sudo apt-get clean") would be the right command.

The second command should be this way that it is the only one after it
has been executed. So the ruby-script should be stopped and therefor in
the same console nano should be opened.
I think exec("sudo nano /etc/X11/xorg.conf") would be the right command.

But my problem is the password of sudo? How can I make my ruby-scipt
give the password to sudo so I don't have to give it in every time?
 
M

Morten

anansi said:
hi,
I wanna execute in a script of mine commands like: "sudo apt-get clean"
or "sudo nano /etc/X11/xorg.conf". The difference is:

The first command needs to be executed without influence to the main
process of the ruby scipt. It should simply be started as a second
process totally independent from the ruby-script which invokes it.
I think system("sudo apt-get clean") would be the right command.

The second command should be this way that it is the only one after it
has been executed. So the ruby-script should be stopped and therefor in
the same console nano should be opened.
I think exec("sudo nano /etc/X11/xorg.conf") would be the right command.

But my problem is the password of sudo? How can I make my ruby-scipt
give the password to sudo so I don't have to give it in every time?
Click to expand...

Set NOPASSWD in your sudoers file for the given commands, eg.:

sudoeruser ALL=(ALL) NOPASSWD: /usr/bin/nano,/usr/bin/apt-get


Morten
 
A

anansi

thanks for your answers but that are no options here. I know hardcoded
passes are in generally a bad idea but it's really needed here and safe.
This is just a personal code on an offline pc with a highly encrypted
partitions...

Is there no way to give the pass as argument or pipe it or kind if that?
But as said I need a technique working in both cases mentioned in the
first post.
 
A

Alex Young

anansi said:
hi,
I wanna execute in a script of mine commands like: "sudo apt-get clean"
or "sudo nano /etc/X11/xorg.conf". The difference is:

The first command needs to be executed without influence to the main
process of the ruby scipt. It should simply be started as a second
process totally independent from the ruby-script which invokes it.
I think system("sudo apt-get clean") would be the right command.

The second command should be this way that it is the only one after it
has been executed. So the ruby-script should be stopped and therefor in
the same console nano should be opened.
I think exec("sudo nano /etc/X11/xorg.conf") would be the right command.

But my problem is the password of sudo? How can I make my ruby-scipt
give the password to sudo so I don't have to give it in every time?
Click to expand...
Wouldn't a setuid root script that actually calls the executable you're
aiming at do what you need here?
 
A

anansi

the thing is that everything needs to be done by this script and no
further command. So can an app give it self the root uid at runtime?
 
A

Alex Young

anansi said:
the thing is that everything needs to be done by this script and no
further command. So can an app give it self the root uid at runtime?
Click to expand...
After a little experimentation (on Ubuntu), it would seem that the only
way to get my suggestion to work is by creating a setuid link to the
ruby binary, and using that to run the script. That's just as insecure
as keeping a password in a file, so I take back my suggestion entirely.

A slightly less unsafe method (but still rather iffy) would be to create
a public key for the root account, and do everything over SSH. That way
you can arrange to only need to authenticate once per session (or, if
you really want to play fast and loose, leave the private key with an
empty passphrase). I don't know if that helps at all...
 
B

Bob Hutchison

the thing is that everything needs to be done by this script and no
further command. So can an app give it self the root uid at runtime?
Click to expand...

If you aren't worried about security, you might try expect. Using
expect you can define responses to prompts, e.g. responding with the
password.

----
Bob Hutchison -- tumblelog at <http://
www.recursive.ca/so/>
Recursive Design Inc. -- weblog at <http://www.recursive.ca/
hutch>
-- works at <http://www.recursive.ca/>
 
K

Ken Bloom

After a little experimentation (on Ubuntu), it would seem that the only
way to get my suggestion to work is by creating a setuid link to the
ruby binary, and using that to run the script. That's just as insecure
as keeping a password in a file, so I take back my suggestion entirely.

A slightly less unsafe method (but still rather iffy) would be to create
a public key for the root account, and do everything over SSH. That way
you can arrange to only need to authenticate once per session (or, if
you really want to play fast and loose, leave the private key with an
empty passphrase). I don't know if that helps at all...
Click to expand...

To run your editor, you'd probably need to use the -t option of ssh to
alloate a pseudo-tty.

You can configure the SSH keypair so that it's only authorized to run a
couple of specific commands, which should help with security. Also, be
sure to use "nano -R" so that the user can't edit other files.

The exec() call is wrong, because that replaces the running ruby script
with a different process, and the ruby script can't terminate. system()
is correct for the second case too.
 
B

Bob Hutchison

thanks for the hint but I only found this about expect:http://
www.ruby-doc.org/stdlib/libdoc/pty/rdoc/classes/IO.html#M001710
. Is there any better doc or examples for this ?
Click to expand...

I used the unix version of the command directly. The man page is
useful I thought. I've never used the ruby expect classes but imagine
that they would be doing something similar.

Cheers,
Bob
--
greets

one must still have chaos in oneself to be able
to give birth to a dancing star
Click to expand...

----
Bob Hutchison -- tumblelog at <http://
www.recursive.ca/so/>
Recursive Design Inc. -- weblog at <http://www.recursive.ca/
hutch>
-- works at <http://www.recursive.ca/>
 
D

Damjan Rems

Alex said:
After a little experimentation (on Ubuntu), it would seem that the only
way to get my suggestion to work is by creating a setuid link to the
ruby binary, and using that to run the script. That's just as insecure
as keeping a password in a file, so I take back my suggestion entirely.

A slightly less unsafe method (but still rather iffy) would be to create
a public key for the root account, and do everything over SSH. That way
you can arrange to only need to authenticate once per session (or, if
you really want to play fast and loose, leave the private key with an
empty passphrase). I don't know if that helps at all...
Click to expand...

How about running job in a cron under root user.

sudo kcron (in kde) will start kcron in mode where you can schedule a
job to run as any user.

by

TheR
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Trying to run a sudo command from script 2
problem executing bash script from ruby - resend 2
Using pexpect with 'sudo' 0
problem executing bash script from ruby 2
need help. want to use Net::sh to do sudo command 1
Installing Ruby on Red Hat Enterprise Edition on a Terminal 5
Can platform agnosticism be achieved? 6
RVM macruby install procedure needs improvement 4

Members online

No members online now.
Total: 30 (members: 0, guests: 30)
Robots: 319

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,011
Latest member
AjaUqq1950

Latest Threads

Top