sudo-agent
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Tue Jun 12 01:42:55 EDT 2001
> From: John E Hein at work <jhein at timing.com>
> Subject: sudo-agent
> To: sudo-users at courtesan.com
>
> I have the need to be able to run a script that takes a long time that
> only needs sudo privs at a few strategic points in the script.
>
> I would like to be able to enter my password at the beginning of the run,
> but not run as su until a sudo is actually executed. In essence something
> could securely store the sudo credential until needed.
>
> ...
>
> Anyone ever done something like that? This avoids the problem with
> sudo timing out and exiting after a few minutes if I don't get back
> to type the password at the right time. And it allows me to just type
> in the password once and not have to come back and type it in each
> time I need sudo privs in the script.
>
>
> Right now, our workaround is to call sudo-wrapper:
>
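> #!/bin/sh
> # Avoid sudo timeouts in long-running, multi-part makefiles
> while :
> do
>     # Revalidate the cached credential; loop again if validation fails
>     sudo -v
>     if [ $? -eq 1 ]
>     then
>         continue
>     fi
>     # Run the requested command, keeping each argument intact
>     sudo "$@"
>     status=$?
>     break
> done
> # Exit with sudo's status, not the status of 'break'
> exit $status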
>
>
> But this still requires me to return to the script each time sudo needs
> to be updated with a fresh password. If my script takes 15 hours to run
> and needs sudo privs a dozen times, this gets to be tedious. For a build
> as complex as this one, I don't want to run the whole thing as root.

My submittal for the hack job of the month would be:

    sudo -v                         # so you get prompted interactively for the password
    lockfile=/tmp/keep-my-sudo      # More appropriate name/location could be used
    touch "$lockfile"
    run-sudo-keeper "$lockfile" &   # See script below - put in background!
    # ... run various shell commands that you want done ...
    rm "$lockfile"                  # Remove this sorry excuse for a lockfile

And run-sudo-keeper (which is fired up in the background):

    #!/bin/sh
    lockfile=$1
    while [ -e "$lockfile" ]
    do
        sleep 240    # 4 minutes
        sudo -v      # refresh the timestamp
        # also exit the loop if the "parent" process above dies
    done

That's the basic idea - some appropriate error checking/corner cases
would have to be covered ... not elegant ... but should work and some
random thoughts at close to Midnight on a warm Colorado evening! ;-)
alek
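
An added example, not part of the original post or of sudo itself: one way to cover the corner cases the reply leaves open (the keeper outliving its parent, a guessable lockfile name in /tmp, a password prompt appearing in the background). It assumes a sudo that supports -n; REFRESH, INTERVAL, keeper and with_sudo_keepalive are names made up here.

```shell
#!/bin/sh
# Added example: keep the sudo timestamp fresh while a long job runs.
# REFRESH and INTERVAL are hypothetical knobs introduced for this sketch.
REFRESH=${REFRESH:-"sudo -n -v"}  # -n: fail instead of prompting from the background
INTERVAL=${INTERVAL:-240}         # seconds; keep below the sudoers timestamp_timeout

# keeper LOCKFILE PARENT_PID
# Refresh the timestamp until the lockfile disappears or the parent dies.
keeper() {
    while [ -e "$1" ] && kill -0 "$2" 2>/dev/null
    do
        # If the cached credential has expired or been revoked, stop here
        # rather than block on a prompt nobody will answer.
        $REFRESH || return 1
        sleep "$INTERVAL"
    done
}

# with_sudo_keepalive CMD [ARGS...]
# Run CMD unprivileged with the keeper in the background; return CMD's status.
with_sudo_keepalive() {
    # mktemp -d gives a fresh 0700 directory, so no other user can
    # pre-create, symlink or remove the lockfile as with a fixed /tmp name.
    lockdir=$(mktemp -d) || return 1
    lockfile=$lockdir/keep-my-sudo
    : > "$lockfile"

    keeper "$lockfile" "$$" &
    keeper_pid=$!

    status=0
    "$@" || status=$?

    rm -rf "$lockdir"                      # tells the keeper to stop
    kill "$keeper_pid" 2>/dev/null || true # do not wait out its sleep
    wait "$keeper_pid" 2>/dev/null || true
    return "$status"
}

# Usage: authenticate once, then run the long job as yourself; the sudo
# calls inside it find a fresh timestamp:
#   sudo -v && with_sudo_keepalive make world
```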