Remove hardcodes password for sudoer postscript

[cxhong]

The PR is to fix issue #5115

The modification include

##Remove hardcodes username and password for sudoer
-##User needs to pass in arguments for sudoer username and password

The UT result

##The UT output##

# updatenode mid08tor03cn01 -P sudoer
mid08tor03cn01: =============updatenode starting====================
mid08tor03cn01: trying to download postscripts...
mid08tor03cn01: postscripts downloaded successfully
mid08tor03cn01: trying to get mypostscript from 172.20.254.2...
mid08tor03cn01: postscript start..: sudoer
mid08tor03cn01:
mid08tor03cn01: Usage: ./sudoer -u username -p password
mid08tor03cn01:         -u sudoer user name
mid08tor03cn01:         -p sudoer password
mid08tor03cn01: postscript end....: sudoer exited with code 1
mid08tor03cn01: Running of postscripts has completed.
mid08tor03cn01: =============updatenode ending====================


# updatenode mid08tor03cn01 -P "sudoer -u xcat2 -p rootpw"
mid08tor03cn01: =============updatenode starting====================
mid08tor03cn01: trying to download postscripts...
mid08tor03cn01: postscripts downloaded successfully
mid08tor03cn01: trying to get mypostscript from 172.20.254.2...
mid08tor03cn01: postscript start..: sudoer
mid08tor03cn01: postscript end....: sudoer exited with code 0
mid08tor03cn01: Running of postscripts has completed.
mid08tor03cn01: =============updatenode ending====================

[root@boston02 ~]# ssh xcat2@mid08tor03cn01
xcat2@mid08tor03cn01's password:
[xcat2@mid08tor03cn01 ~]$ pwd
/home/xcat2

[immarvin]

suggest $SUDOER and $SUDOERPW be set to default value if not specified to keep backward compatibility

[neo954]

I don't like the idea of using command line argument to pass the password. This idea is even worse than hard code the password. I list some of the reasons below.

• User might need to run something like chdef mid08tor03cn01 -p 'postscripts=sudoer -u xcat2 -p rootpw' to make it works. It is complex.
• It use to have a single place to change the default password. Now it is scattered to node attribute across different compute nodes.
• Passing password with command line argument is insecure. The command line argument can be read by ps ax.

[cxhong]

@neo954 , any suggestion which method will be better? I think we should support different sudoer so can't define in the site table, or passwd table, or node attributes. can we prompt the command and ask for user input? I think another options is reading user/password from a file.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[viniciusferrao]

This would be a heavy rewrite to make it correct. Probably for xCAT 2.19 (maybe 3.0)?