how to confirm non-root user is a qualified sudo user in a (perl) script?

Ken Wolcott ken.wolcott at med.ge.com
Fri Mar 19 13:40:35 EST 2004


Hi Todd;

  This is very bizarre -- the following works from the command line now:

sudo -S -v </dev/null >/dev/null 2>&1
echo $?

  As an authorized sudo user: output is 0 (good)

  As an unauthorized sudo user: output is 1 (good)

  Wonder why it wasn't working yesterday? Doesn't work on Thursdays? :-)

  It should be fine in perl now...

Thanks for the help,
Ken


On Fri, 2004-03-19 at 11:55, Todd C. Miller wrote:
> In message <1079645251.1658.80.camel at tuba.moneng.mei.com>
> 	so spake Ken Wolcott (ken.wolcott):
> 
> >   However, just like telnet and ftp and a multitude of other user
> > applications that are usually meant for interactive use that do require
> > authentication, the password prompt is at the tty layer, not in the
> > STDIN layer.  So just redirecting the input, output and stderr, as your
> > example code does, is not sufficient.  It looks like I need to use
> > expect, which handles the tty layer, or expect within perl.  I was
> > hoping that there was something in the usage that I was missing with
> > sudo that would not prompt me for a password, and would just silently
> > fail (nonzero error code response) and/or a simple stderr error msg. 
> > Your code snippet constantly and consistently fails (at least for me) in
> > spite of whether the user who runs it is authorized to run sudo or not. 
> > I even inserted a benign command for the user to execute with sudo (eg:
> > /bin/ls) and it still fails.  Doing the equivalent from the command line
> > directly also fails as the password is still displayed.
> 
> Hmm, the use of the -S flag should be all that is required to avoid
> use of /dev/tty; it certainly does in my tests.  What version of
> sudo are you using?
> 
>  - todd
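
An added example, not code from this thread or from the sudo project: one way to run the `sudo -S -v </dev/null >/dev/null 2>&1` check from Perl without going through a shell, decoding the wait status so that exit code 1 is not misread as 256. The sudo path `/usr/bin/sudo`, the names `sudo_validates` and `decode_wait_status`, and the use of exit code 127 for "could not start sudo" are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: non-interactive "sudo -S -v" check with wait-status decoding.
use strict;
use warnings;

# Turn a raw wait status (Perl's $?) into (state, detail).
sub decode_wait_status {
    my ($status) = @_;
    return ('wait_failed', undef)         if $status == -1;  # no child status
    return ('signaled',    $status & 127) if $status & 127;  # killed by signal
    return ('exited',      $status >> 8);                    # normal exit code
}

# Run "sudo -S -v" with stdin, stdout and stderr on /dev/null, as in the
# thread. $sudo is the path to the binary (assumed default: /usr/bin/sudo).
sub sudo_validates {
    my ($sudo) = @_;
    $sudo = '/usr/bin/sudo' unless defined $sudo;

    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: point the standard streams at /dev/null, then exec with a
        # list so that no shell interprets the command line.
        open(STDIN,  '<', '/dev/null') or exit 127;
        open(STDOUT, '>', '/dev/null') or exit 127;
        open(STDERR, '>', '/dev/null') or exit 127;
        exec { $sudo } $sudo, '-S', '-v';
        exit 127;    # exec failed: binary missing or not executable
    }
    waitpid($pid, 0);
    return decode_wait_status($?);
}

my ($state, $detail) = sudo_validates();
if ($state eq 'exited' && $detail == 0) {
    print "sudo -S -v exited 0\n";
} elsif ($state eq 'exited' && $detail == 127) {
    print "sudo could not be executed\n";
} elsif ($state eq 'exited') {
    print "sudo -S -v failed with exit code $detail\n";
} else {
    print "sudo check ended abnormally: $state\n";
}
```

Because stdin is `/dev/null`, a non-zero exit only says that sudo could not validate the user without input; it does not by itself separate a user who is absent from sudoers from one who would have to type a password.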




