I am in the process of a creating a script. Everytime I try and just do this I get:
cat passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth'
Pseudo-terminal will not be allocated because stdin is not a terminal.
sudo: no tty present and no askpass program specified
If it isn't waiting for the prompt to type in the password, you may have to use a third-party utility like expect.
You could also configure sudo to allow it in a more careful manner -- only allow the 'find' command for a certain user, and with those exact arguments, which would prevent someone executing arbitrary commands as root with it.
I logged in as root, chmod /etc/sudoers from 440 to 600. Added my entry and then changed it back to 440 and rebooted the machine. This is an Ubuntu 10.04 build.
The code in sudo checks to see that its STDIN is a terminal, specifically trying to defeat input redirection from a file. The idea being that you should never put a clear text password in a file anywhere. Sudo wants to force you to manually enter the password on a keyboard in real time in order to run.
A utility like expect can be used to defeat this, but then you're just putting the clear text password into the expect file, which certainly isn't at all secure.
One secure solution would be to set up a root cron job on the target system to do the find periodically and make the output world readable in /tmp. Then you can set up a private/public key pair and just scp or cat the file whenever you like. Not quite real time, but reasonably timely, depending on the interval of the cron job.
Another method I've seen used is to set up key pairs and use scp to drop a trigger file of a particular name (which can be zero length) into predetermined location on the target system. This can be done as a normal user. There's a root cron job on the target system that runs every minute and looks for the trigger file. If found, root takes some predetermined action and then removes the trigger file. I recall an implementation of this where an admin had root doing all sorts of tasks on remote systems, depending on the name or the contents of the trigger file. The actions that root can take are spcifically coded into the cron script, which is only readable by root, so there's no danger of executing arbitrary code. You could trigger the action with the presence of the file and pass arguments as contents of the file.
Sort of the poor man's AutoSys or UC4...
Whatever you decide to do, please keep security in mind.
Make a script.sh on machine(server) you are trying to run find / gzip.
if ! [ -f /tmp/lockme ]; then
touch /tmp/lockme
##sudo code goes here
rm -f /tmp/lockme
else
echo "already running, try again later"
fi
On client side i would exchange ssh-keys as user to sudo-user on server (passwordless).
authorized keys on server will have to be modified in manner like :