Sudo with background processes
mlh at zip.com.au
mlh at zip.com.au
Thu Feb 26 06:15:08 EST 2004
On Wed, 25 Feb 2004 12:15:50 -0600
"Ladner, Eric (Eric.Ladner)" <Eric.Ladner at chevrontexaco.com> wrote:
>
> Launching the script with sudo gets your fresh key out there for 5
> minutes. The only problem with that is if in the script you call sudo
> 15 minutes later, it'll prompt you again.
>
> The thing to do is remove the sudo inside the script and have them
> launch the script with sudo.
The other alternative is to leave them in the script and make
them NOPASSWD. There is usually no real loss in security if
the command is very specific, and you get a lot better auditing.
Matt
More information about the sudo-users
mailing list