I am using Fabric to run commands on a remote server. The user with which I connect on that server has some sudo privileges, and does not require a password to use these privileges. When SSH'ing into the server, I can run sudo blah and the command executes without prompting for a password. When I try to run the same command via Fabric's sudo function, I get prompted for a password. This is because Fabric builds a command in the following manner when using sudo:

sudo -S -p <sudo_prompt> /bin/bash -l -c "<command>"

Obviously, my user does not have permission to execute /bin/bash without a password.

I've worked around the problem by using run("sudo blah") instead of sudo("blah"), but I wondered if there is a better solution. Is there a workaround for this issue?

A: 

In your /etc/sudoers file, you could add

user ALL=NOPASSWD: /bin/bash

...where user is your Fabric username.

Obviously, you can only do this if you have root access, as /etc/sudoers is only writable by root.

Also obviously, this isn't terribly secure, as being able to execute /bin/bash leaves you open to essentially anything, so if you don't have root access and have to ask a sysadmin to do this for you, they probably won't.

CanSpice
Right, I don't want the user to be able to do `/bin/bash` without a password.
mipadi
+1  A: 

Try passing shell=False to sudo. That way /bin/bash won't be added to the sudo command:

sudo('some_command', shell=False)

From line 503 of fabric/operations.py:

if (not env.use_shell) or (not shell):
    real_command = "%s %s" % (sudo_prefix, _shell_escape(command))

The else block looks like this:

                                             # V-- here's where /bin/bash is added
real_command = '%s %s "%s"' % (sudo_prefix, env.shell,
    _shell_escape(cwd + command))
sdolan
I do have SSH keys set up. The issue is with the way Fabric passes the command off to sudo, not with SSH.
mipadi
I see, so what's wrong with just defining the second function? Why complicate things?
sdolan
As I noted, I've basically already done that. I just wondered if there was a config option or something that I'm missing.
mipadi
I think I found it, check out my updated answer.
sdolan
Hrm, thought I had tried that and it didn't work, but I gave it a shot just now and it did.
mipadi
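
The effect discussed in this thread, as an added example that is not part of the original posts and is not Fabric's own code: it mirrors the two command-building branches quoted above and checks which program sudo is actually asked to run against a NOPASSWD rule list. `SUDO_PREFIX`, `SHELL`, `_escape`, the sample rules and the simplified matching (no wildcards or aliases) are assumptions made for illustration.

```python
import shlex

# Constructed stand-ins for the values Fabric interpolates (assumptions, not Fabric's source).
SUDO_PREFIX = "sudo -S -p 'sudo password:'"
SHELL = "/bin/bash -l -c"


def _escape(command):
    """Hypothetical, simplified stand-in for Fabric's _shell_escape."""
    for ch in ("\\", '"', "$", "`"):
        command = command.replace(ch, "\\" + ch)
    return command


def build_sudo_command(command, shell=True):
    """Mirror the two branches quoted in the answer above."""
    if not shell:
        return "%s %s" % (SUDO_PREFIX, _escape(command))
    return '%s %s "%s"' % (SUDO_PREFIX, SHELL, _escape(command))


def sudo_target(real_command):
    """Return (program, args) that sudo itself is asked to execute."""
    argv = shlex.split(real_command)
    if not argv or argv[0] != "sudo":
        raise ValueError("not a sudo command line")
    i = 1
    while i < len(argv) and argv[i].startswith("-"):
        i += 2 if argv[i] == "-p" else 1  # -p consumes the prompt string
    return argv[i], argv[i + 1:]


def needs_password(real_command, nopasswd_rules):
    """Simplified sudoers match: a rule with no arguments allows any arguments,
    a rule with arguments must match them exactly (no wildcards or aliases)."""
    program, args = sudo_target(real_command)
    for rule in nopasswd_rules:
        rule_argv = shlex.split(rule)
        if rule_argv[0] == program and (len(rule_argv) == 1 or rule_argv[1:] == args):
            return False
    return True


if __name__ == "__main__":
    narrow = ["/usr/sbin/service nginx restart"]  # constructed NOPASSWD rule
    for shell in (True, False):
        cmd = build_sudo_command("/usr/sbin/service nginx restart", shell=shell)
        print(shell, needs_password(cmd, narrow), cmd)
    # The broad rule from the first answer lets any wrapped command through.
    print(needs_password(build_sudo_command("/usr/bin/id"), narrow + ["/bin/bash"]))
```

With the shell wrapper, sudo sees `/bin/bash` as the program, so a rule scoped to one command never matches; with `shell=False` the narrow rule matches and the `/bin/bash` rule is not needed.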