[drbd-mc] Using DRBD MC with sudo will leave cleartext password visable with ps -ef
Rasto Levrinc
rasto.levrinc at linbit.com
Mon Dec 20 15:16:43 CET 2010
On Mon, December 20, 2010 11:11 am, Kulovits Christian - OS ITSC wrote:
> Hello,
>
>
> We are using DRBD MC for some Linux Clusters, and it is a very great
> tool. We are not allowed to login with root account to our systems for
> admin purposes and so we use the sudo facility from the mc. We have su
> and sudo configured to get used without password for our admins, but when
> using the mc we could see the cleartext password with the ps -ef command:
>
>
> user 13768 29341 0 10:50 pts/2 00:00:00 bash -c trap - SIGPIPE;echo
> "PASSWORD"|sudo -S -p '' bash -c "trap - SIGPIPE; { nice -n 19
> /usr/local/bin/drbd-gui-helper-0.8.6 hw-info-lazy; } 2>&1" 2>/dev/null
>
>
> Is there another way to establish required authority, eg. sudo without
> password, or su -l (without password)?
If you configure sudo without password, then if you enter anything as a
"sudo password" it should work. I'll try to think about something to make
it suck less.
Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
More information about the drbd-mc
mailing list