fab-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] sudo fails every now and again

From: Jordi Funollet
Subject: Re: [Fab-user] sudo fails every now and again
Date: Sun, 04 Dec 2011 13:13:24 +0100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 
On 12/02/2011 07:36 PM, Jeff Forcier wrote:

Another alternative is actually to remove the sudo password entirely
and give the user running this script (and only that user!) "ALL=(ALL)
NOPASSWD: ALL" access. Combined with key-only SSH authentication and
proper key management, it grants that user script-friendly admin
access without having the user's login password in your code.
You can fine tune still more your sudo rights, which makes more sound avoiding hard-coded passwords at all. 

  Cmnd_Alias DEPLOY = /usr/sbin/service bind stop, \
    /usr/sbin/service bind start, /usr/sbin/service bind restart

  deploy_user ALL=(ALL) NOPASSWD: DEPLOY


--
Jordi Funollet Pujol
http://www.linkedin.com/in/jordifunollet
reply via email to
[Prev in Thread] Current Thread [Next in Thread]