Re: [Fab-user] Running a remote command with sudo

[Jeff Forcier]

Hi Tim,

On Wed, Nov 14, 2012 at 5:48 AM, Tim T. <address@hidden> wrote:

> I want to install software remotely, using some python scripting. I can
> create a user and allow all commands through sudo. However, I don't want to
> leave this account as an available login for others.
>
> Setting the shell to /sbin/nologin stops the sudo command from executing.
> Using /bin/false and /bin/true also don't work.

Can you post an example of both your fabfile & the (full!) output from
your run? There's a few possible reasons and it'd be helpful to rule
some out. I can't recreate this on a Debian system, but I know the
default sudoers configs differ a bit between distros.


On Fri, Nov 23, 2012 at 12:01 AM, Chris Withers <address@hidden> wrote:
> Didn't realise the client could specify what shell it wanted to use,
> wouldn't this be a bit of a security hole?

This is about a Fabric specific shell "wrapper" -- a command Fabric
wraps run()'s argument in, not the actual login shell of the user
(which isn't typically invoked. See e.g.
http://docs.fabfile.org/en/1.5/usage/env.html#shell .


Best,
Jeff

-- 
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org