[Omaha.pm] Net::SSH::Perl and sudo or su
Q. So you have to be root to run your bash script?
A. The sudo part is only for the sinfp check. I have keys for my own user on the systems.
Q. What does sudo do if you're already root?
A. Won't do anything because there is no root access to the remote host.
Q. What is that doing? Is it doing it locally?
A. It is doing it locally... once it determines which OS is running (we only have 2 different flavors, being Solaris or Linux) it will be told where sudo is located. Hmm... may need to test my theory here for the Perl method.
Q. So this is our goal, right? To create /etc/serialnumber on the remote host?
A. Absolutely
Q. Why does this work under bash? Do all your remote hosts have
/root/.ssh/authorized_keys files set up to trust root coming from your
local machine?
A. The initial sudo test is to get the sudo running (for sinfp checks) so I don't have to do it every time. (You'll see why that is done after the next sentence.) Typically during a session you only have to run sudo once for something; then it's taken care of your sudo session for a certain time.
This is actually part 2 of the script... one part has my hosts list and the other has a csv file with the serial numbers, asset tags and other miscellaneous info; they get cross-referenced because the list is mixed with Windows servers. That script calls this one for every host.
The functional part of the script runs entirely under my own account; it ssh's to a box, sending along the script it needs to run as part of the ssh command, which includes the sudo commands that the remote host needs to run.
I'm thinking I should have included line numbers in the code so I could highlight certain aspects.
#-------------------------------------------------
# Making the connections
#-------------------------------------------------
if [ ${DEBUG} -eq 0 ]; then
    # Here's how this would initially read (run as me, not sudo'd locally):
    # /usr/bin/ssh "host" "echo -e [the string with all the information in it] to a serialnumber temp file. THEN 'remote sudo here' move the temp file to /etc and change its permissions"
    $SSHCMD ${SNFILE[${HOS}]} "echo -e $STR > /tmp/${SNFILE[${HOS}]}.sn; $SUDO mv /tmp/${SNFILE[${HOS}]}.sn /etc/serialnumber; $SUDO chmod 660 /etc/serialnumber"
    RESULT=$?
    if [ ${RESULT} -gt 0 ]; then
        exit 22
    fi
else
    echo "This is what would be sent to ${SNFILE[${HOS}]}!"
    echo -e $STR
fi
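
The ssh command in this post expands $STR locally into the remote command line, so the remote shell parses whatever the CSV fields contain before the sudo steps run. The following is an added example, not code from the original post, that performs the same step with the record sent on stdin and a fixed remote command. SSHCMD and SUDO reuse the post's variable names; push_serial, remote_script and DEST are hypothetical names, and it assumes mktemp exists on the remote host and that remote sudo does not prompt.

```shell
#!/bin/sh
# Added example, not code from the original post.
# SSHCMD and SUDO reuse the post's variable names; push_serial, remote_script
# and DEST are hypothetical names introduced here.
SSHCMD=${SSHCMD:-/usr/bin/ssh}
SUDO=${SUDO:-sudo}      # assumption: remote sudo does not prompt (NOPASSWD or cached)
DEST=${DEST:-/etc/serialnumber}

# Remote command text. It is built only from operator-set values (SUDO, DEST);
# nothing from the host list or the CSV is expanded into it.
remote_script() {
    cat <<EOF
set -e
umask 077
t=\$(mktemp /tmp/sn.XXXXXX)    # unpredictable name instead of /tmp/<host>.sn
cat > "\$t"                     # the record arrives on stdin
$SUDO mv "\$t" "$DEST"
$SUDO chmod 660 "$DEST"
EOF
}

# Usage: push_serial HOST RECORD
# Returns 2 for a rejected host name and 22 (the post's exit code) if the
# remote step fails. %b expands \n in RECORD the way the post's "echo -e" did.
push_serial() {
    host=$1 record=$2
    case $host in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "rejected host name: $host" >&2
            return 2 ;;
    esac
    printf '%b\n' "$record" | $SSHCMD "$host" "$(remote_script)" || return 22
}
```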