
Re: expect upgrade has broken my scripts



On Fri, 01 Sep 2000, Ethan Benson wrote:
>On Thu, Aug 31, 2000 at 11:34:32AM +0200, Russell Coker wrote:
>> #!/usr/bin/expect
>>  
>> set timeout 40
>> spawn ssh [lrange $argv 0 0]
>> expect "$"
>> send "exec su -\n"
>> expect "Password: "
>> send "$env(ROOTPW)\n"
>> expect "#"
>> send "exec bash\n"
>> expect "#"
>> interact
>
>ewww this is very insecure.  you also should not be running around as
>root full time, on any system.  go to root only when you need to for
>as long as needed to complete the very specific task.

My very specific task is to configure numerous server processes that run as
root and appropriately edit configuration files that are owned by root.  Also
I edit data files that are in no-login accounts (i.e. the shell specified in
/etc/passwd is /bin/false).

>if you really must go to root automatically and directly you would be
>better off setting PermitRootLogin to no-password and using RSA
>authentication.  (possibly with ssh-agent) 

The problem with that is that there is no way of tracking who is logging in
as root.  If ssh would log the fingerprint of the authorised key that was
used AND the identd information (if available) then I could probably do this.

I am in a site where there are a number of people doing things as root.  When
something gets stuffed up we can currently look at the logs to see who su'd
to root at the time of the breakage.

>but again that is a very foolish thing to do, most work need not be done
>as root. 

I know all about this.  One benefit of a script to log in as root rapidly is
that I can log in, run one command, then log out.  So I am only root for the
small amounts of time needed to run a few commands.  It makes it easier for
my colleagues to see what I am doing, and means that I can easily go from
non-root to root without typing passwords excessive numbers of times.

Now we have resolved that issue, do you have any advice on how to run expect?

-- 
My current location - X marks the spot.
X
X
X
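
The log check described above (seeing who su'd to root around the time of a breakage), as an added example that is not part of the original message. It assumes the pam_unix session lines that su writes to auth.log on PAM-based Linux systems; the log lines, host name and user names are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the original message), in the assumed
# pam_unix format. dave's session is never closed; carol's attempt fails.
SAMPLE_LOG = """\
Sep  1 08:30:05 host1 su[1987]: pam_unix(su:session): session opened for user root by dave(uid=1004)
Sep  1 09:58:12 host1 su[2101]: pam_unix(su:session): session opened for user root by alice(uid=1001)
Sep  1 10:02:40 host1 su[2101]: pam_unix(su:session): session closed for user root
Sep  1 10:14:03 host1 su[2230]: pam_unix(su:auth): authentication failure; logname=carol uid=1003 euid=0 tty=pts/4 ruser=carol rhost=  user=root
Sep  1 10:15:27 host1 su[2244]: pam_unix(su:session): session opened for user root by bob(uid=1002)
Sep  1 10:16:55 host1 su[2244]: pam_unix(su:session): session closed for user root
Sep  1 11:40:00 host1 su[2390]: pam_unix(su:session): session opened for user root by alice(uid=1001)
"""

# Timestamp, su PID, open/close event, and (on open lines) the invoking user.
LINE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8}) \S+ su(?:-l)?\[(\d+)\]: pam_unix\(su(?:-l)?:session\): "
    r"session (opened|closed) for user root(?:\(uid=0\))?(?: by ([^(\s]*)\(uid=\d+\))?")

def root_sessions(log_text, year, incident, window=timedelta(minutes=10)):
    """Return (user, opened, closed) for every su-to-root session that overlaps
    incident +/- window. closed is None when no close was logged, so a root
    shell opened hours earlier and still running is reported too."""
    open_by_pid, sessions = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # failed attempts and unrelated lines are not root sessions
        ts, pid, event, user = m.groups()
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")
        if event == "opened":
            open_by_pid[pid] = [user, when, None]
            sessions.append(open_by_pid[pid])
        elif pid in open_by_pid:
            open_by_pid.pop(pid)[2] = when  # pair the close with its open by PID
    lo, hi = incident - window, incident + window
    return [tuple(s) for s in sessions if s[1] <= hi and (s[2] is None or s[2] >= lo)]

if __name__ == "__main__":
    for user, opened, closed in root_sessions(SAMPLE_LOG, 2000, datetime(2000, 9, 1, 10, 16)):
        print(f"{user}: root from {opened:%H:%M:%S} to {closed or 'still open'}")
```

Pairing open and close lines by PID is what catches a root shell that was opened well before the breakage and never closed, which a search on the timestamp alone would miss.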