how to confirm non-root user is a qualified sudo user in a (perl)script?
ken.wolcott at med.ge.com
Thu Mar 18 10:51:41 EST 2004
Thank you very much for your reply.
Did you try your proposed solution? Did you try it for both
"authorized" sudo users and unauthorized users?
I guess I wasn't clear about what the problem is. The script I'm
writing needs to be non-interactive. If an unauthorized user of sudo
attempts to run sudo, the password prompt appears at the tty layer now
making the the script an interactive one. What I wanted to do was to
call sudo in such a way as it would either succeed or fail (error code
return handling), not ask for a password. Since it asks for a password,
it looks like I'll have to use the expect package in CPAN (it is a perl
script that I'm writing). I wanted to avoid using expect (even inside
perl), but it looks like I have no choice.
On Thu, 2004-03-18 at 06:11, Aaron Spangler wrote:
> How about something like this?
> sudo touch $tmpfile
> if [ -f $tmpfile ];then
> echo "Your sudo privs work fine"
> echo "Sorry. Unable to use sudo"
> exit 2
> rm -f $tmpfile
> sudo realcommand1
> sudo realcommand2
> sudo realcommand3
> sudo realcommand4
> ----- Original Message -----
> From: "Ken Wolcott" <ken.wolcott at med.ge.com>
> To: "sudo mailing list" <sudo-users at sudo.ws>
> Sent: Wednesday, March 17, 2004 2:15 PM
> Subject: how to confirm non-root user is a qualified sudo user in a
> > Hi;
> > I am writing a perl script that needs to be run as a non-root user
> > but uses sudo extensively. How do I verify in the
> > script (non-interactively) that the user running the script has
> > sudo privileges? It looks like I need to use expect (*sigh*) to
> > get underneath the tty layer. Right now it looks like I don't have
> > any choice but to assume that the user already has sudo
> > privileges. I have looked at the sudo man pages and in the mailing list
> > archives but I did not find anything I thought was pertinent to the
> > issue I am facing. The sudo privileges must be absolute like the
> > following in the sudoers file:
> > username ALL = NOPASSWD: ALL
> > Any hints?
> > Thanks,
> > Ken
More information about the sudo-users