|
From: | Tom von Schwerdtner |
Subject: | Re: [Fab-user] remote sudo permissions |
Date: | Tue, 8 Sep 2009 15:15:29 -0400 |
On Sep 8, 2009, at 3:06 PM, Alan Hawrylyshen wrote:
On Sep 8, 2009, at 11:59 , Jeff Forcier wrote:Secondly, I'm not sure offhand why it would complain unless yourserver has an oddball sudoers setup. Have you worked with sudo before?Are you sure the account you're connecting as has sudoers permissions (e.g. is in the 'admin' or 'wheel' group)?Actually, it sounds like Tom has specifically cranked down the access for sudo.
Yes, that's exactly right. My sudoers line is:%staff ALL=NOPASSWD: /etc/init.d/apache2,/etc/init.d/memcache,/etc/ init.d/postgresql-8.3
I don't see much point in using sudo if you need access to /bin/bash, might as well just ssh as root.
(...) Can fabric be configured to dispense with the shell wrapper?I suspect this is a deep and complex issue; but it is well worth discussing.Tom; It might be possible to build a custom shell that would work in place of bash that restricted the sub-commands.
Cant' fabric just execute sudo remotely instead of using bash to execute sudo?
(Granted, I'm speaking fairly ignorantly, I haven't even glanced at the internals.)
-Tom
[Prev in Thread] | Current Thread | [Next in Thread] |