how to confirm non-root user is a qualified sudo user in a (perl) script?
Todd C. Miller
Todd.Miller at courtesan.com
Fri Mar 19 12:55:32 EST 2004
In message <1079645251.1658.80.camel at tuba.moneng.mei.com>
so spake Ken Wolcott (ken.wolcott):
> However, just like telnet and ftp and a multitude of other user
> applications that are usually meant for interactive use that do require
> authentication, the password prompt is at the tty layer, not in the
> STDIN layer. So just redirecting the input, output and stderr, as your
> example code does, is not sufficient. It looks like I need to use
> expect, which handles the tty layer, or expect within perl. I was
> hoping that there was something in the usage that I was missing with
> sudo that would not prompt me for a password, and would just silently
> fail (nonzero error code response) and/or a simple stderr error msg.
> Your code snippet constantly and consistently fails (at least for me) in
> spite of whether the user who runs it is authorized to run sudo or not.
> I even inserted a benign command for the user to execute with sudo (eg:
> /bin/ls) and it still fails. Doing the equivalent from the command line
> directly also fails as the password is still displayed.
Hmm, the use of the -S flag should be all that is required to avoid
use of /dev/tty; it certainly does in my tests. What version of
sudo are you using?
- todd
More information about the sudo-users
mailing list