how to confirm non-root user is a qualified sudo user in a (perl)script?

Ken Wolcott ken.wolcott at med.ge.com
Thu Mar 18 10:51:41 EST 2004 

Hi Aaron;

  Thank you very much for your reply.

  Did you try your proposed solution?  Did you try it for both
"authorized" sudo users and unauthorized users?

  I guess I wasn't clear about what the problem is.  The script I'm
writing needs to be non-interactive.  If an unauthorized user of sudo
attempts to run sudo, the password prompt appears at the tty layer now
making the the script an interactive one.  What I wanted to do was to
call sudo in such a way as it would either succeed or fail (error code
return handling), not ask for a password.  Since it asks for a password,
it looks like I'll have to use the expect package in CPAN (it is a perl
script that I'm writing).  I wanted to avoid using expect (even inside
perl), but it looks like I have no choice.

Ken

On Thu, 2004-03-18 at 06:11, Aaron Spangler wrote:
> How about something like this?
> 
> #!/bin/sh
> tmpfile=/tmp/sudo_test$$
> 
> sudo touch $tmpfile
> if [ -f $tmpfile ];then
>   echo "Your sudo privs work fine"
> else
>   echo "Sorry.  Unable to use sudo"
>   exit 2
> fi
> rm -f $tmpfile
> 
> sudo realcommand1
> sudo realcommand2
> sudo realcommand3
> sudo realcommand4
> 
>  -Aaron
> 
> 
> ----- Original Message -----
> From: "Ken Wolcott" <ken.wolcott at med.ge.com>
> To: "sudo mailing list" <sudo-users at sudo.ws>
> Sent: Wednesday, March 17, 2004 2:15 PM
> Subject: how to confirm non-root user is a qualified sudo user in a
> (perl)script?
> 
> 
> > Hi;
> >
> > I am writing a perl script that needs to be run as a non-root user
> > but uses sudo extensively.  How do I verify in the
> > script (non-interactively) that the user running the script has
> > sudo privileges?  It looks like I need to use expect (*sigh*) to
> > get underneath the tty layer.  Right now it looks like I don't have
> > any choice but to assume that the user already has sudo
> > privileges.  I have looked at the sudo man pages and in the mailing list
> > archives but I did not find anything I thought was pertinent to the
> > issue I am facing.  The sudo privileges must be absolute like the
> > following in the sudoers file:
> >
> > username ALL = NOPASSWD: ALL
> >
> > Any hints?
> >
> > Thanks,
> > Ken

More information about the sudo-users mailing list