Results 1 to 7 of 7

Thread: Sudo..Sudoers...General Access

  1. #1
    Join Date
    Feb 2007
    Beans
    9

    Sudo..Sudoers...General Access

    I am using Altiris Deployment Server that runs a job on some Mac computers that we have. The job is very simple and is comprised of two parts.

    Job: Deploy the Altiris NS Agent for Mac
    Task1: Copy file to
    Details: Copy from \\server\share1\aex-bootstrap.Z to / (root on Mac HD)

    Task2: Run Script
    Details:
    cd / (changes to root)
    uncompress aex-bootstrap.Z && chmod u+x aex-bootstrap && sudo ./aex-bootstrap http://altiris_server.acme.com

    The run script basically is doing a change dir to the root (where the file was copied in task1). Then it has a set of commands chained together.

    The uncompress command works perfectly, the aex-bootstrap.Z file becomes uncompress as aex-bootstrap on the root. The change mod to executable command is also functioning as intended. The problem happens when the sudo command is used to assume super user status to execute aex-bootstrap from the current dir and set the location of the Altiris Notification Server.

    Question is this: How do you solve this problem? It wouldn't be smart to pass the password in the script (if it's even possible) but I wonder if it is the only possible solution. I thought about editing the list of sudoers but I do not wish to attempt this as I would need to repeat this task on 300 computers.

    Ideas?!

  2. #2
    Join Date
    Dec 2005
    Beans
    19,390

    Re: Sudo..Sudoers...General Access

    Are you running this script on a Mac computer with what os: OSX or Ubuntu?
    Learning is not attained by chance, it must be sought for with ardor and attended to with diligence. Abigail Adams ( 1744 - 1818 ), 1780;

    My blog Poetry and More Free Ubuntu Magazine

  3. #3
    Join Date
    Feb 2007
    Beans
    9

    Re: Sudo..Sudoers...General Access

    Yes the script is executed on MAC OS X (10.4.11), While it is mac, in the terminal it's still unix

  4. #4
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Sudo..Sudoers...General Access

    You can use SUID for this. See:
    http://www.gnufans.net/~deego/pub/De...ianSetuid.html
    http://sisc.sdsu.edu/doc/debian/ch-advanced.html

    Read the pertinent parts on the sticky bit attribute. This may need to be confirmed for OSX as it uses BSD as it's base.

    Essentially you need to set the perms on the script to be something like: 4770 and owned by root and the group being someadmingroup. This will allow you to run the script as root while you are a member of the someadmingroup group.

    This has nothing to do with sudo. It can be a security risk. But if used wisely it has its place.
    -BAB1

  5. #5
    Join Date
    Dec 2005
    Beans
    19,390

    Re: Sudo..Sudoers...General Access

    Yes the script is executed on MAC OS X (10.4.11), While it is mac, in the terminal it's still unix
    Moved to BSD Discussions. General Help is restricted to Ubuntu, Kubuntu, and Xubuntu. Also OSX is directly based, in part, on FreeBSD.
    Learning is not attained by chance, it must be sought for with ardor and attended to with diligence. Abigail Adams ( 1744 - 1818 ), 1780;

    My blog Poetry and More Free Ubuntu Magazine

  6. #6
    Join Date
    Aug 2007
    Beans
    2,132

    Re: Sudo..Sudoers...General Access

    Quote Originally Posted by Sef View Post
    Moved to BSD Discussions. General Help is restricted to Ubuntu, Kubuntu, and Xubuntu. Also OSX is directly based, in part, on FreeBSD.
    What? We have a Mac OSX subforum that is a much better place for OS X related topics

  7. #7
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Sudo..Sudoers...General Access

    Quote Originally Posted by cardinals_fan View Post
    What? We have a Mac OSX subforum that is a much better place for OS X related topics
    Aye.
    「明後日の夕方には帰ってるからね。」


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •