Hi all,

Fairly green shell scripter just wrote a quick script that uses gksudo and sudo, and I was hoping on some feedback re any potential security problems.

Because I am paranoid, I keep all unnecessary inbound and outbound ports closed with iptables when not in use. However, I occasionally use Skype, and when I do so I need to open some ports I usually keep closed. So I don't have to switch back and forth manually, I wrote a tiny script called skype.sh:

#!/bin/sh
/path/to/iptables-skype.sh # Script that opens Skype ports
sudo -H -u myusername /usr/bin/skype-wrapper # Start Skype
/path/to/iptables-noskype.sh # Script that closes ports after Skype quits

To start Skype, I invoke gksudo /path/to/skype.sh and enter my sudo password. This is necessary because iptables has to be run as root. Then I use sudo to run Skype under my nonroot username, because running Skype as root would be really stupid.

But, it does mean that the skype.sh script is sitting around running as root until I quit Skype. (Also, if for some reason skype.sh is terminated before Skype itself is, the Skype ports will be left open [until I restart my computer--not such a big deal].)

Is there some glaring reason I shouldn't do this? Anything else I'm missing?

Many thanks,
grabled