RE: [PBML] Net:: Telnet and sudo problem
- First I have no control over the sudoers file, the customer would never
allow a NOPASSWD entry in it. Secondly I've tried redirecting the
command output into a file to copy back, but for some reason the
redirect doesn't work either under sudo. If I do anything with sudo,
either sudo <command> or sudo su -, all I get back is a 1 or 0 for
success or failure. The Dump_log and Input_log shows the commands
executed successfully. Sudo seams to put an extra wrapper around
Net::Telnet that I haven't figured out how to get around. Does anyone
have any other ideas.
HP UNIX OVO Enrollment
From: Rob Biedenharn [mailto:Rob@...]
Sent: Monday, July 02, 2007 5:44 PM
To: Dukelow, Don
Subject: Re: [PBML] Net:: Telnet and sudo problem
On Jul 2, 2007, at 2:06 PM, Dukelow, Don wrote:
> I've posted this before a after several suggestion offline it was
> suggested to repost to all.
> I'm using Net::telnet to log into a remote server and once there I
> issue the following commands.
> my @answer = $TELNET->print('sudo df -k');
> $TELNET->waitfor('/Password:/i'); $TELNET->print($PASSWD);
> print "TEST @answer\n";
> If I do this without sudo it works fine, but the shell script I want
> to run requires root access this the need for sudo.
> The dump_log puts this out!
> 0x00000: 73 75 64 6f 20 64 66 20 2d 6b 0d 0a sudo df
> < 0x00000: 73 75 64 6f 20 64 66 20 2d 6b 0d 0a sudo df
> < 0x00000: 50 61 73 73 77 6f 72 64 3a
> > 0x00000: XX XX XX XX XX XX XX XX XX XX
> The only thing I get back in @answer is a 1, not the output from df
> I believe the "1" coming back is from the successful password entry.
> How can I get the results back from the df or any other command/
> script I want through sudo?
> Don Dukelow
> HP UNIX OVO Enrollment
> Hewlett-Packard Company
> e-mail: dukelow@...
> URL: http://www.hp.ca
You can add 'NOPASSWD:' in front of the df line in the sudoers file
and allow certain commands to be run without requiring a password.
Alternatively, you could run some other command with sudo first and then
the df command wouldn't need a password (if your sudo is configured to
have a timeout on the authentication step as most do).
You'll probably notice that your password has magically appeared.
You need to sanitize the hex dump as well as the ASCII part to keep such
things secret. Besides, it's not a good idea to hardcode passwords in
Rob Biedenharn http://agileconsultingllc.com
- Hello All:
Which one of the two versions of blessing is better?
The 'two parameter' version. e.g. bless $objref, $class;
Or the 'no parameter' version.
What are the advantages of one over the other? Or is there any difference at all?
Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download Now! http://messenger.yahoo.com/download.php
[Non-text portions of this message have been removed]
>>>>> "aditi" == aditi gupta <aditi9783@...> writes:aditi> Which one of the two versions of blessing is better?
aditi> The 'two parameter' version. e.g. bless $objref, $class;
aditi> Or the 'no parameter' version.
One-argument "bless" was a mistake. Always use the two-argument version.
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!