Re: [Fab-user] can't use /bin/bash -l -c or /bin/su -c

Thu, 26 Sep 2013 09:20:07 -0700 

Hello Ronan,

You're right, works fine.

But without bash I'm losing Fabric killer features :

I mean, can't use anymore :

"with cd"
sudo('command xx | command yy')
sudo('echo xxx > /etc/X.conf')
or fabric.contrib llike append despite using shell=False

Do you know any workaround ?

Thnak you

Julien


On Thu, Aug 22, 2013 at 11:11 AM, Ronan Amicel <[email protected]>wrote:

> Hi Julien,
>
> Have you tried using the "shell" argument to disable shell wrapping? e.g.
>
>     sudo('uptime', shell=False)
>
> See
> http://docs.fabfile.org/en/1.7/api/core/operations.html#fabric.operations.run
>
> Regards,
>
> Ronan Amicel
>
>
> On Thu, Aug 22, 2013 at 12:34 AM, julien silverston <
> [email protected]> wrote:
>
>> Hello,
>>
>> I'm very please with Fabric and I use it with a lot success to manage my
>> servers.
>> Even convinced my collegues to use it.
>> But actually for security reason, mostly to avoid shell escape I can't
>> use it.
>>
>> As exemple I do with sudo :
>>
>> @task
>> def host_type():
>>     run('sudo su -c "uname -a"')
>>     sudo('uptime')
>>
>>
>> [serverX] Executing task 'host_type'
>> [serverX] run: sudo su -c "uname -a"
>> [serverX] Login password for 'me':
>> [serverX] out: [sudo] password for me:
>> [serverX] out: Sorry, user me is not allowed to execute '/bin/su -c uname
>> -a' as root on serverX.
>> [serverX] out:
>>
>> Warning: run() received nonzero return code 1 while executing 'sudo su -c
>> "uname -a"'!
>>
>> [serverX] sudo: uptime
>> [serverX] out: sudo password:
>> [serverX] out: Sorry, user me is not allowed to execute '/bin/bash -l -c
>> uptime' as root on serverX.
>> [serverX] out:
>>
>>
>> Warning: sudo() received nonzero return code 1 while executing 'uptime'!
>>
>> I know how to setup sudoers, but for company policies I can't change it.
>>
>> sudoers contains :
>> !/bin/bash,!/bin/su
>>
>> I tried to use env.shell = "" , pty=False but with no success.
>>
>> How I can update Fabric and others framework, like cuisine to continue to
>> use Fabric despite this rule that I can't change.
>>
>> I can change all sudo command for run('sudo xxx') but will ask my
>> password each time and I can use cuisine anymore.
>>
>> Thank you,
>>
>> Julien
>>
>> _______________________________________________
>> Fab-user mailing list
>> [email protected]
>> https://lists.nongnu.org/mailman/listinfo/fab-user
>>
>>
>

_______________________________________________
Fab-user mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/fab-user

Reply via email to