Re: [Fab-user] remote sudo permissions

[Jeff Forcier]

Minor additional note: I just noticed the docstring for sudo() trails
off right where it would be explaining the shell argument (though it
is present in the argstr and in the docs for run().) I've fixed this
and it will show up in the next docs push. Hopefully this wasn't
preventing Tom or others from noticing the feature :)

Best,
Jeff

On Tue, Sep 8, 2009 at 3:26 PM, Jeff Forcier<address@hidden> wrote:
> On Tue, Sep 8, 2009 at 3:06 PM, Alan Hawrylyshen<address@hidden> wrote:
>
>> Actually, it sounds like Tom has specifically cranked down the access for
>> sudo.
>>
>> Lots of administrators will do this. It is generally a good practice.
>
> Certainly; however, the default is typically for sudo to be wide open
> for some subset of users, so I was grouping a "specifically modified
> to be locked down" sudoers in with "oddball". Not knowing Tom I have
> to make assumptions, and many/most users seem to be coming from
> relatively default-ish setups :)
>
>>        Can fabric be configured to dispense with the shell wrapper?
>
> Yes, this is in fact the real question at hand (especially given Tom's
> response.) The answer is "yes", just specify shell=False (the argument
> exists for both run and sudo.)
>
> I honestly am not 100% sure why we default to wrapping in the shell,
> however. In that regard I've just been following the precedent laid
> down by Christian and Capistrano. If I had to guess, I'd say that the
> invocation used by the SSH layer is not "bash-like", i.e. it's more
> like an exec(), and thus command strings like "foo | bar > biz.baz"
> would then not work.
>
> However, again, I'm not positive about this and now I'm curious (the
> Paramiko API docs are not clear on the matter) so I'll take a look
> sometime soon -- if Christian doesn't remember and is watching this,
> that is :)
>
> But again -- sudo('command', shell=False) should do the trick.
>
> Best,
> Jef
>