lc shell and command line

Bernard Devlin bdrunrev at gmail.com
Mon Nov 14 10:31:20 EST 2011 

It may be that the easiest way around that is to edit /etc/sudoers and
configure some username, such that said the logged-in user does not
need to enter a password in order to call 'sudo su - auser'.  If you
look inside /etc/sudoers it should explain what is required to make
access to sudo passwordless for that user.  You can limit within
sudoers which programs such a passwordless user can run.

Basically, by encoding passwords inside scripts you are circumventing
security policies.

If you are really determined that the password should be stored in a
script for some reason, then you may be able to get around unix
security by piping a password to some program or by reconfiguring the
tty (which is the component in unix that is prompting you for a
password) such that it would take the password as a form of input
other than from an interactive prompt.  A few days ago I saw in a book
on shell scripting how to redirect tty, but I don't have it to hand
now, and can't remember the details.

Once you have your circumvention working from a command line
(terminal), you should be able to pass that circumvention to shell()
within a livecode script.

I know that I have had to various forms of programmatic backflips to
"work within" unix security policies.  I would focus on the problem as
a unix command line problem first.  Then take that solution within
LiveCode. If it can run from a .sh script, then you are most of the
way to your solution.

I would really research the issues around unix security and sudo, su,
ssh thoroughly to understand the implications of what you are doing,
and the potential holes you open up.  If you are wishing to su to root
programmatically, then unix is going to try and stop you doing that.

Bernard

On Mon, Nov 14, 2011 at 2:31 PM, Peter Alcibiades
<palcibiades-first at yahoo.co.uk> wrote:
> Bernard, many thanks, yes, that works.  Can I ask one more question, how then
> would you get the shell to interact, like if you do su and want to get the
> password in, and then run a script that requires root password?  Or maybe
> all that has to be done in shell?
>
> Peter

More information about the use-livecode mailing list