Discussion:
[drbd-mc] Using DRBD MC with sudo will leave cleartext password visable with ps -ef
Kulovits Christian - OS ITSC
2010-12-20 10:11:23 UTC
Permalink
Hello,

We are using DRBD MC for some Linux Clusters, and it is a very great tool.
We are not allowed to login with root account to our systems for admin purposes and so we use the sudo facility from the mc. We have su and sudo configured to get used without password for our admins, but when using the mc we could see the cleartext password with the ps -ef command:

user 13768 29341 0 10:50 pts/2 00:00:00 bash -c trap - SIGPIPE;echo "PASSWORD"|sudo -S -p '' bash -c "trap - SIGPIPE; { nice -n 19 /usr/local/bin/drbd-gui-helper-0.8.6 hw-info-lazy; } 2>&1" 2>/dev/null

Is there another way to establish required authority, eg. sudo without password, or su -l (without password)?

Regards, Christian


________________________________________________
Austrian Airlines AG, Office Park 2, P.O. Box 100, 1300?Vienna-Airport, Austria, registered office: Vienna, registered with?Vienna Commercial Court under FN 111000k, DVR 0091740. This?e-mail is confidential and is subject to disclaimers. Details can be found at: http://www.austrian.com/disclaimer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20101220/a6bf5034/attachment.htm>
Rasto Levrinc
2010-12-20 14:16:43 UTC
Permalink
Post by Kulovits Christian - OS ITSC
Hello,
We are using DRBD MC for some Linux Clusters, and it is a very great
tool. We are not allowed to login with root account to our systems for
admin purposes and so we use the sudo facility from the mc. We have su
and sudo configured to get used without password for our admins, but when
user 13768 29341 0 10:50 pts/2 00:00:00 bash -c trap - SIGPIPE;echo
"PASSWORD"|sudo -S -p '' bash -c "trap - SIGPIPE; { nice -n 19
/usr/local/bin/drbd-gui-helper-0.8.6 hw-info-lazy; } 2>&1" 2>/dev/null
Is there another way to establish required authority, eg. sudo without
password, or su -l (without password)?
If you configure sudo without password, then if you enter anything as a
"sudo password" it should work. I'll try to think about something to make
it suck less.

Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
Kulovits Christian - OS ITSC
2010-12-21 10:10:58 UTC
Permalink
Post by Rasto Levrinc
Post by Kulovits Christian - OS ITSC
Hello,
We are using DRBD MC for some Linux Clusters, and it is a very great
tool. We are not allowed to login with root account to our systems for
admin purposes and so we use the sudo facility from the mc. We have su
and sudo configured to get used without password for our admins, but when
user 13768 29341 0 10:50 pts/2 00:00:00 bash -c trap - SIGPIPE;echo
"PASSWORD"|sudo -S -p '' bash -c "trap - SIGPIPE; { nice -n 19
/usr/local/bin/drbd-gui-helper-0.8.6 hw-info-lazy; } 2>&1" 2>/dev/null
Is there another way to establish required authority, eg. sudo without
password, or su -l (without password)?
If you configure sudo without password, then if you enter anything as a
"sudo password" it should work. I'll try to think about something to make
it suck less.
Rasto
Hello,
We get prompted for a password only once, which is used for the ssh connection and the sudo command.
Christian


________________________________________________
Austrian Airlines AG, Office Park 2, P.O. Box 100, 1300?Vienna-Airport, Austria, registered office: Vienna, registered with?Vienna Commercial Court under FN 111000k, DVR 0091740. This?e-mail is confidential and is subject to disclaimers. Details can be found at: http://www.austrian.com/disclaimer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20101221/0fc00ea5/attachment.htm>
Rasto Levrinc
2010-12-21 16:57:24 UTC
Permalink
Post by Kulovits Christian - OS ITSC
Post by Rasto Levrinc
Post by Kulovits Christian - OS ITSC
Is there another way to establish required authority, eg. sudo
without password, or su -l (without password)?
If you configure sudo without password, then if you enter anything as a
"sudo password" it should work. I'll try to think about something to
make it suck less.
Rasto
Hello,
We get prompted for a password only once, which is used for the ssh
connection and the sudo command. Christian
Hi, if you connect using ssh-keys, then you get prompt to enter a sudo
password, where you can enter anything, if you have sudo with no password.
This is what I tried. :)

Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
Loading...