in reply to running setuid for ssh ?

If you are prepared to let them run ssh using sudo or by setting the suid bit then why not just give them the key? You won't be letting them do anything they couldn't through the other methods.

ssh -l userX machine

You will also need to consider security, I would set up an account for this single purpose, write a script with menu options for the permitted functions. Ensure that no command gives a command shell or that control-C doesn't drop you there. Set that script as the shell in /etc/passwd.

sshd will also have to be configured to only permit the script. Look for ForceCommand in the ssh docs

Replies are listed 'Best First'.
Re^2: running setuid for ssh ?
by convenientstore (Pilgrim) on Jan 21, 2008 at 04:41 UTC
    one other question,

    Still considering using expect.pm at work if possible but when I look at the expect module code, it says

    use 5.006; # 4 won't cut it.
    At my work perl is  This is perl, version 5.005_03.

    Does this mean it will work since it's less than 5.006 but it only states that 4 won't cut it??? which means 5.005 is ok???? 

    # -*-cperl-*-
# Please see the .pod files for documentation. This module is copyrigh
+ted
# as per the usual perl legalese:
# Copyright (c) 1997 Austin Schutz.
# expect() interface & functionality enhancements (c) 1999 Roland Gier
+sig.
#
# All rights reserved. This program is free software; you can
# redistribute it and/or modify it under the same terms as Perl
# itself.
#
# Don't blame/flame me if you bust your stuff.
# Austin Schutz <ASchutz@users.sourceforge.net>
#
# This module now is maintained by
# Roland Giersig <RGiersig@cpan.org>
#

use 5.006;                # 4 won't cut it.

    [download]
[reply]
[d/l]
[select]
      Does anyone know the answer to this? I thought computer programming is all about giving precise instructions..:-P or am I misinterpreting ? 

      use 5.006 ;   # 4 won't cut it

      [download]
[reply]
[d/l]

        If you change that use line in your copy of Expect.pm, you could try your version of Perl and, who knows, it might work.

        There's also the option of installing a separate Perl to run your Expect-based program from. Perl doesn't take up a lot room, considering.

        non-Perl: read my music blog  be my fan at Reverbnation  bump me at the Sixty-One 
[reply]

In Section Seekers of Perl Wisdom