Re: [Fab-user] remote sudo permissions

[Tom von Schwerdtner]

On Sep 8, 2009, at 3:06 PM, Alan Hawrylyshen wrote:

> On Sep 8, 2009, at 11:59 , Jeff Forcier wrote:
>
> > Secondly, I'm not sure offhand why it would complain unless your
> > server has an oddball sudoers setup. Have you worked with sudo  
> > before?
> > Are you sure the account you're connecting as has sudoers permissions
> > (e.g. is in the 'admin' or 'wheel' group)?
>
> Actually, it sounds like Tom has specifically cranked down the  
> access for sudo.

Yes, that's exactly right.  My sudoers line is:

%staff ALL=NOPASSWD: /etc/init.d/apache2,/etc/init.d/memcache,/etc/ 
init.d/postgresql-8.3

I don't see much point in using sudo if you need access to /bin/bash,  
might as well just ssh as root.


> (...)
>
>         Can fabric be configured to dispense with the shell wrapper?
>
> I suspect this is a deep and complex issue; but it is well worth  
> discussing.
>
> Tom; It might be possible to build a custom shell that would work in  
> place of bash that restricted the sub-commands.


Cant' fabric just execute sudo remotely instead of using bash to  
execute sudo?

(Granted, I'm speaking fairly ignorantly, I haven't even glanced at  
the internals.)

-Tom