Re: [Fab-user] remote sudo permissions

fab-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] remote sudo permissions

From:	Christian Vest Hansen
Subject:	Re: [Fab-user] remote sudo permissions
Date:	Wed, 9 Sep 2009 08:33:32 +0200

On Tue, Sep 8, 2009 at 9:26 PM, Jeff Forcier<address@hidden> wrote:
> On Tue, Sep 8, 2009 at 3:06 PM, Alan Hawrylyshen<address@hidden> wrote:
>
>> Actually, it sounds like Tom has specifically cranked down the access for
>> sudo.
>>
>> Lots of administrators will do this. It is generally a good practice.
>
> Certainly; however, the default is typically for sudo to be wide open
> for some subset of users, so I was grouping a "specifically modified
> to be locked down" sudoers in with "oddball". Not knowing Tom I have
> to make assumptions, and many/most users seem to be coming from
> relatively default-ish setups :)
>
>>        Can fabric be configured to dispense with the shell wrapper?
>
> Yes, this is in fact the real question at hand (especially given Tom's
> response.) The answer is "yes", just specify shell=False (the argument
> exists for both run and sudo.)
>
> I honestly am not 100% sure why we default to wrapping in the shell,
> however. In that regard I've just been following the precedent laid
> down by Christian and Capistrano. If I had to guess, I'd say that the
> invocation used by the SSH layer is not "bash-like", i.e. it's more
> like an exec(), and thus command strings like "foo | bar > biz.baz"
> would then not work.

That is one part of the answer. Bash provides a familiar syntax, but
it also sets up an execution environment; variables, paths and that
sort of thing. The idea is to make it appear as if you had SSH'd to
the machine normally. This is also why we give bash the "-l" argument.

>
> However, again, I'm not positive about this and now I'm curious (the
> Paramiko API docs are not clear on the matter) so I'll take a look
> sometime soon -- if Christian doesn't remember and is watching this,
> that is :)
>
> But again -- sudo('command', shell=False) should do the trick.
>
> Best,
> Jef
>
>
> _______________________________________________
> Fab-user mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/fab-user
>



-- 
Venlig hilsen / Kind regards,
Christian Vest Hansen.

[Prev in Thread]

Current Thread

[Next in Thread]

[Fab-user] remote sudo permissions, Tom von Schwerdtner, 2009/09/08
- Re: [Fab-user] remote sudo permissions, Jeff Forcier, 2009/09/08
  - Re: [Fab-user] remote sudo permissions, Alan Hawrylyshen, 2009/09/08
    - Re: [Fab-user] remote sudo permissions, Tom von Schwerdtner, 2009/09/08
    - Re: [Fab-user] remote sudo permissions, Jeff Forcier, 2009/09/08
    - Re: [Fab-user] remote sudo permissions, Jeff Forcier, 2009/09/08
    - Re: [Fab-user] remote sudo permissions, Christian Vest Hansen <=
  - Message not available
    - Re: [Fab-user] remote sudo permissions, Tom von Schwerdtner, 2009/09/08
- [Fab-user] remote sudo permissions, Tom von Schwerdtner, 2009/09/08

Prev by Date: Re: [Fab-user] remote sudo permissions
Next by Date: [Fab-user] @needs_host decorator trashes function signature on functions it decorates
Previous by thread: Re: [Fab-user] remote sudo permissions
Next by thread: Re: [Fab-user] remote sudo permissions
Index(es):
- Date
- Thread