root password in a .py script
Piet van Oostrum
piet at cs.uu.nl
Sat Mar 13 15:46:43 CET 2004
>>>>> Bart Nessux <bart_nessux at hotmail.com> (BN) wrote:
BN> Dave Brueck wrote:
>> What is it that this script is doing? How is it getting invoked? And if it's
>> being invoked by a non-root user, why should that user be allowed to do
>> something that requires root privileges? Is there any reason why you simply
>> don't run the script as root?
BN> The script is setting the root password. It is running as root, by root as
BN> a daily cron job. It does three things:
BN> 1. Set root password to XXXXXXXXX
BN> 2. Make certain ssh is enabled on the machine, if not enable it.
BN> 3. Email the machine's IP to the admins
BN> Root is the owner of the script... it's perms are 700
BN> Why am I doing this? Because users turn off ssh and change the root
BN> password. Mac OSX allows "administrative" users to do this. This script
BN> undoes their changes.
Why don't you run a server process on a central server machine where you
only have to type in the password when that machine boots. And then run
cron jobs at all the client machines that get the password from the
server. Use ssl connections with client certificates for security.
Piet van Oostrum <piet at cs.uu.nl>
URL: http://www.cs.uu.nl/~piet [PGP]
Private email: P.van.Oostrum at hccnet.nl
More information about the Python-list