sudoers - allow a command for user@host
From "hosta" I authenticate with a certificate on "hostb" and run the following
command:
backuppc@hosta:~$ /usr/bin/ssh -q -x -n -t -l backuppc hostb \
/usr/bin/sudo /bin/tar
If on "hostb" I configure '/etc/sudoers' like this, so as to allow the
execution of '/bin/tar' only for 'backuppc@marte':
User_Alias BACKUPUSERS = backuppc
Host_Alias BACKUPSERVERS=marte, 10.1.1.134
Defaults visiblepw
BACKUPUSERS BACKUPSERVERS=(ALL) NOPASSWD: /bin/tar
I get:
backuppc@marte:~$ /usr/bin/ssh -q -x -n -t -l backuppc ldp038 /usr/bin/sudo /bin/tar
[sudo] password for backuppc: Sorry, try again.
[sudo] password for backuppc: Sorry, try again.
[sudo] password for backuppc: Sorry, try again.
sudo: 3 incorrect password attempts
and on "hostb" I read:
Feb 14 08:58:53 ldp038 sshd[19820]: Accepted publickey for backuppc from 10.1.1.134 port 54517 ssh2
Feb 14 08:58:53 ldp038 sshd[19820]: pam_unix(sshd:session): session opened for user backuppc by (uid=0)
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): conversation failed
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): auth could not identify password for [backuppc]
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): conversation failed
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): auth could not identify password for [backuppc]
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): conversation failed
Feb 14 08:58:54 ldp038 sudo: pam_unix(sudo:auth): auth could not identify password for [backuppc]
Feb 14 08:58:54 ldp038 sudo: backuppc : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/backuppc ; USER=root ; COMMAND=/bin/tar
Feb 14 08:58:54 ldp038 sshd[19820]: pam_unix(sshd:session): session closed for user backuppc
If instead I reconfigure /etc/sudoers:
BACKUPUSERS ALL=(ALL) NOPASSWD: /bin/tar
everything works.
What am I doing wrong? :/
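An added example, not part of the original post: the host field of a sudoers rule is matched against the machine on which sudo runs (here ldp038), not against the machine the SSH session came from, so the source restriction is placed in sshd's authorized_keys instead. The alias name BACKUPTARGETS, the (root) run-as list and the key placeholder are assumptions made for illustration.

```sudoers
# /etc/sudoers on the target host (ldp038), edited with visudo.
# sudo compares the host field with the local host name and the addresses of
# the local network interfaces, never with the address of the SSH client.

User_Alias  BACKUPUSERS   = backuppc

# Rule from the post, kept as a comment: it only matches when sudo itself runs
# on marte / 10.1.1.134. On ldp038 the NOPASSWD entry does not apply, and sudo
# falls back to asking for a password, as the log above shows.
# Host_Alias  BACKUPSERVERS = marte, 10.1.1.134
# BACKUPUSERS BACKUPSERVERS = (ALL) NOPASSWD: /bin/tar

# Host field naming the machine where the command is executed.
# (root) instead of (ALL) is an assumption: the backup only needs tar as root.
Host_Alias  BACKUPTARGETS = ldp038
BACKUPUSERS BACKUPTARGETS = (root) NOPASSWD: /bin/tar

# Limiting where backuppc may connect from is done by sshd, per key, in
# ~backuppc/.ssh/authorized_keys on ldp038 (a single line, key is a placeholder):
#   from="10.1.1.134",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> backuppc@marte
```

The file can be checked with `visudo -c` before it is put in place, and `sudo -l -U backuppc` run as root on ldp038 lists the rules that actually apply to the account there.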