I'm developing an application that will run on an Amazon EC2 instance, and execute certain commands that require root access. The problem is that different VM's give root access in different ways. E.g. some VM's give direct access to the root account, while others will simply allow a default non-root user access to sudo.
Now, I can easily solve the above example by adding an option to prepend "sudo " to all commands. However, I'm not very familiar with unix, and I'd like to know if there are any other ways of gaining root privileges that I should prepare my program for. Are su and sudo reasonably enough?
Best Answer
There are several sudo-like tools (calife, op, super, …) — see How do I run a command as the system administrator (root) — but you could spend your life on unix systems without encountering them (they've all been displaced by sudo). In practice, if you need to call scripts as root, either arrange for all your machines to have passwordless sudo, or to allow ssh logins as root. There's not much of a security difference between the two: either way, the script must have all the credentials necessary to reach the root account.
If you only want your scripts to be able to execute specific commands, use specific entries for these commands in
/etc/sudoers, or specific keys with acommand=line in~root/.ssh/authorized_keys.