[TriLUG] Help with setuid C wrapper script

Aaron Joyner aaron at joyner.ws
Wed Oct 13 09:52:53 EDT 2010


Another way to solve the same problem is to ask ssh to always create a
pseudo-tty.  By default, if you're not running an interactive shell, the
openssh client will not request a pseudo-tty on the remote end, as
presumably you won't be doing things like running curses apps or editors
which make use of the size and display parameters of your tty.  You can
request that it ignore your environment and ask for a pseudo-tty with the -t
flag.  From the ssh man page:

-----8< snip 8<-----
     -T      Disable pseudo-tty allocation.
     -t      Force pseudo-tty allocation.  This can be used to execute
arbitrary screen-based programs on a remote machine, which can be
very useful, e.g. when implementing menu services.  Multiple -t options
force tty allocation, even if ssh has no local tty.
-----8< snip 8<-----

Thus:
ssh -t rmaint@1.2.3.4 "tail -100 /var/log/messages"

Aaron S. Joyner


On Wed, Oct 13, 2010 at 1:25 PM, Ron Kelley <rkelleyrtp at gmail.com> wrote:

> Thanks Kevin.  This got me 99% there.  After using "sudo" in the command, I
> got this message:
>
> "sudo: sorry, you must have a tty to run sudo"
>
>
> After a little googling, I found I needed to add an additional line to
> /etc/sudoers like this:
>
> Defaults:%rmaint !requiretty
>
>
> This allows the user "rmaint" to run sudo without a tty.  So, the complete
> lines in /etc/sudoers include:
> --------------------------------------------------------
> Defaults:%rmaint !requiretty
> rmaint ALL=(root) NOPASSWD: /usr/bin/tail -100 /var/log/messages, /usr/bin/tail -50 /var/log/secure
> --------------------------------------------------------
>
>
> Hope this helps someone else...
>
>
> Really appreciate the help of everyone on the alias!
>
> -Ron
>
> On Oct 13, 2010, at 9:08 AM, Kevin Hunter wrote:
>
> > At 8:31am -0400 Wed, 13 Oct 2010, Ron Kelley wrote:
> >> Thanks for the syntax Jonathan. However, this is what happens when I
> >> try to do the command:
> >>
> >> [root@test-svr1 ~]# ssh rmaint@1.2.3.4 "tail -100 /var/log/messages"
> >> tail: cannot open `/var/log/messages' for reading: Permission denied
> >
> > /etc/sudoers is read by the sudo command.  Meaning that the user needs to use sudo.  Try:
> >
> > $ ssh rmaint@1.2.3.4 "sudo tail -100 /var/log/messages"
> >
> > Note also that sudo requires the command to match /exactly/.  For instance if you had this in your sudoers file:
> >
> > rmaint ALL=(root) NOPASSWD: /bin/ls /var/spool/cron/atjobs/
> >
> > Then you would always need that trailing slash or it will ask for a password:
> >
> > $ sudo ls /var/spool/cron/atjobs
> > [sudo] password for rmaint:
> >
> > Hope this helps,
> >
> > Kevin
>
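The exact-match behaviour discussed in the quoted replies, as an added example that is not part of the thread and not sudo's own code: a simplified Python model of how sudoers(5) compares a wildcard-free command specification with what the user ran. The function names are hypothetical, the command path is assumed to be already resolved to a full path, and the `BARE` rule is constructed to show that a rule listing no arguments accepts any.

```python
import shlex

# Rules quoted in the thread (Ron's joined onto one line) plus one constructed rule.
RON = ("rmaint ALL=(root) NOPASSWD: /usr/bin/tail -100 /var/log/messages, "
       "/usr/bin/tail -50 /var/log/secure")
KEVIN = "rmaint ALL=(root) NOPASSWD: /bin/ls /var/spool/cron/atjobs/"
BARE = "rmaint ALL=(root) NOPASSWD: /usr/bin/tail"  # constructed: no arguments listed

def cmnds_from_rule(line):
    """Return the comma-separated command specs that follow the NOPASSWD: tag."""
    return [c.strip() for c in line.split("NOPASSWD:", 1)[1].split(",")]

def parse_cmnd(spec):
    """Split a wildcard-free Cmnd into (path, args_string).
    args_string is None when the rule lists no arguments (any are accepted)
    and "" when the rule is written with "" (no arguments accepted)."""
    parts = shlex.split(spec)
    if len(parts) == 1:
        return parts[0], None
    return parts[0], " ".join(parts[1:])

def rule_allows(line, resolved_path, user_args):
    """Model the sudoers(5) comparison: the path must be equal, and the user's
    arguments, joined into one string, must equal the rule's arguments."""
    given = " ".join(user_args)
    for spec in cmnds_from_rule(line):
        path, wanted = parse_cmnd(spec)
        if path == resolved_path and (wanted is None or wanted == given):
            return True
    return False

if __name__ == "__main__":
    samples = [  # constructed invocations: (rule, resolved path, arguments)
        (RON, "/usr/bin/tail", ["-100", "/var/log/messages"]),
        (RON, "/usr/bin/tail", ["-200", "/var/log/messages"]),
        (RON, "/usr/bin/tail", ["-100", "/var/log/secure"]),
        (KEVIN, "/bin/ls", ["/var/spool/cron/atjobs/"]),
        (KEVIN, "/bin/ls", ["/var/spool/cron/atjobs"]),
        (BARE, "/usr/bin/tail", ["-100", "/var/log/secure"]),
    ]
    for rule, path, args in samples:
        verdict = "match" if rule_allows(rule, path, args) else "no match"
        print(f"{verdict:8}  {path} {' '.join(args)}")
```

A rule that names only the binary, like `BARE`, matches every argument list, which is why the thread's rules spell out the full command line.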
