[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fab-user] Running a remote command with sudo
From: |
Jeff Forcier |
Subject: |
Re: [Fab-user] Running a remote command with sudo |
Date: |
Sun, 25 Nov 2012 17:54:33 -0800 |
Hi Tim,
On Wed, Nov 14, 2012 at 5:48 AM, Tim T. <address@hidden> wrote:
> I want to install software remotely, using some python scripting. I can
> create a user and allow all commands through sudo. However, I don't want to
> leave this account as an available login for others.
>
> Setting the shell to /sbin/nologin stops the sudo command from executing.
> Using /bin/false and /bin/true also don't work.
Can you post an example of both your fabfile & the (full!) output from
your run? There's a few possible reasons and it'd be helpful to rule
some out. I can't recreate this on a Debian system, but I know the
default sudoers configs differ a bit between distros.
On Fri, Nov 23, 2012 at 12:01 AM, Chris Withers <address@hidden> wrote:
> Didn't realise the client could specify what shell it wanted to use,
> wouldn't this be a bit of a security hole?
This is about a Fabric specific shell "wrapper" -- a command Fabric
wraps run()'s argument in, not the actual login shell of the user
(which isn't typically invoked. See e.g.
http://docs.fabfile.org/en/1.5/usage/env.html#shell .
Best,
Jeff
--
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org