|
| From: | julien silverston |
| Subject: | Re: [Fab-user] can't use /bin/bash -l -c or /bin/su -c |
| Date: | Thu, 26 Sep 2013 11:19:22 -0500 |
Hi Julien,Have you tried using the "shell" argument to disable shell wrapping? e.g.sudo('uptime', shell=False)Regards,Ronan AmicelOn Thu, Aug 22, 2013 at 12:34 AM, julien silverston <address@hidden> wrote:
_______________________________________________Hello,I'm very please with Fabric and I use it with a lot success to manage my servers.Even convinced my collegues to use it.But actually for security reason, mostly to avoid shell escape I can't use it.As exemple I do with sudo :@taskdef host_type():run('sudo su -c "uname -a"')sudo('uptime')[serverX] Executing task 'host_type'[serverX] run: sudo su -c "uname -a"[serverX] Login password for 'me':[serverX] out: [sudo] password for me:[serverX] out: Sorry, user me is not allowed to execute '/bin/su -c uname -a' as root on serverX.[serverX] out:Warning: run() received nonzero return code 1 while executing 'sudo su -c "uname -a"'![serverX] sudo: uptime[serverX] out: sudo password:[serverX] out: Sorry, user me is not allowed to execute '/bin/bash -l -c uptime' as root on serverX.[serverX] out:Warning: sudo() received nonzero return code 1 while executing 'uptime'!I know how to setup sudoers, but for company policies I can't change it.sudoers contains :!/bin/bash,!/bin/suI tried to use env.shell = "" , pty=False but with no success.
How I can update Fabric and others framework, like cuisine to continue to use Fabric despite this rule that I can't change.I can change all sudo command for run('sudo xxx') but will ask my password each time and I can use cuisine anymore.Thank you,Julien
Fab-user mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/fab-user
| [Prev in Thread] | Current Thread | [Next in Thread] |