Re: [Fab-user] can't use /bin/bash -l -c or /bin/su -c

[Ronan Amicel]

Hi Julien,

Have you tried using the "shell" argument to disable shell wrapping? e.g.

    sudo('uptime', shell=False)

See http://docs.fabfile.org/en/1.7/api/core/operations.html#fabric.operations.run

Regards,

Ronan Amicel

On Thu, Aug 22, 2013 at 12:34 AM, julien silverston <address@hidden> wrote:

Hello,

I'm very please with Fabric and I use it with a lot success to manage my servers.

Even convinced my collegues to use it.

But actually for security reason, mostly to avoid shell escape I can't use it.

As exemple I do with sudo :

@task

def host_type():

    run('sudo su -c "uname -a"')

    sudo('uptime')

[serverX] Executing task 'host_type'

[serverX] run: sudo su -c "uname -a"

[serverX] Login password for 'me': 

[serverX] out: [sudo] password for me: 

[serverX] out: Sorry, user me is not allowed to execute '/bin/su -c uname -a' as root on serverX.

[serverX] out: 

Warning: run() received nonzero return code 1 while executing 'sudo su -c "uname -a"'!

[serverX] sudo: uptime

[serverX] out: sudo password:

[serverX] out: Sorry, user me is not allowed to execute '/bin/bash -l -c uptime' as root on serverX.

[serverX] out: 

Warning: sudo() received nonzero return code 1 while executing 'uptime'!

I know how to setup sudoers, but for company policies I can't change it.

sudoers contains :

!/bin/bash,!/bin/su

I tried to use env.shell = "" , pty=False but with no success.

How I can update Fabric and others framework, like cuisine to continue to use Fabric despite this rule that I can't change.

I can change all sudo command for run('sudo xxx') but will ask my password each time and I can use cuisine anymore.

Thank you,

Julien

_______________________________________________
Fab-user mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/fab-user