Alex Young
6/13/2007 1:19:00 PM
anansi wrote:
> the thing is that everything needs to be done by this script and no
> further command. So can an app give it self the root uid at runtime?
After a little experimentation (on Ubuntu), it would seem that the only
way to get my suggestion to work is by creating a setuid link to the
ruby binary, and using that to run the script. That's just as insecure
as keeping a password in a file, so I take back my suggestion entirely.
A slightly less unsafe method (but still rather iffy) would be to create
a public key for the root account, and do everything over SSH. That way
you can arrange to only need to authenticate once per session (or, if
you really want to play fast and loose, leave the private key with an
empty passphrase). I don't know if that helps at all...
--
Alex
>
> Alex Young wrote:
>> anansi wrote:
>>> hi,
>>> I wanna execute in a script of mine commands like: "sudo apt-get
>>> clean" or "sudo nano /etc/X11/xorg.conf". The difference is:
>>>
>>> The first command needs to be executed without influence to the main
>>> process of the ruby scipt. It should simply be started as a second
>>> process totally independent from the ruby-script which invokes it.
>>> I think system("sudo apt-get clean") would be the right command.
>>>
>>> The second command should be this way that it is the only one after
>>> it has been executed. So the ruby-script should be stopped and
>>> therefor in the same console nano should be opened.
>>> I think exec("sudo nano /etc/X11/xorg.conf") would be the right command.
>>>
>>> But my problem is the password of sudo? How can I make my ruby-scipt
>>> give the password to sudo so I don't have to give it in every time?
>>>
>>>
>> Wouldn't a setuid root script that actually calls the executable
>> you're aiming at do what you need here?
>>
>
>