returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1")
is a String, and thus doesn't have transformations (wrapping it in the sudo
su ..) applied:
returned = capture(:ls, "/etc/sudoers.d/deploy_permissions 2>&1")
Lee Hambley
--
http://lee.hambley.name/
+49 (0) 170 298 5667
On 18 March 2014 03:42, Roy Miller <r...@theotherroad.com> wrote:
> Using Cap 3.1.0. I have this in a task I run after a deploy is done:
>
> task :'check-dependencies' do
> on roles(:all) do |host|
> [...]
> as :root do
> puts capture(:whoami)
> returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1")
> end
> end
> end
>
> That task runs, and the puts statement prints "root" on the console, as
> one would expect, so it looks like the "as" magic and the capture statement
> are working fine (same result with 'root' as a string or :root as a
> symbol). The problem is, the second capture statement fails like so:
>
> DEBUG [e8cc068a] Running */usr/bin/env if ! sudo su root -c whoami >
> /dev/null; then echo "You cannot switch to user 'root' using sudo, please
> check the sudoers file" 1>&2; false; fi* on [server].com
> [00:04:13.766] DEBUG [e8cc068a] Command: if ! sudo su root -c whoami >
> /dev/null; then echo "You cannot switch to user 'root' using sudo, please
> check the sudoers file" 1>&2; false; fi
> [00:04:13.832] DEBUG [e8cc068a] Finished in 0.065 seconds with exit status 0
> (*successful*).
> [00:04:13.832] DEBUG [068c401a] Running */usr/bin/env whoami* on [server].com
> [00:04:13.833] DEBUG [068c401a] Command: sudo su root -c "/usr/bin/env whoami"
> [00:04:13.889] DEBUG [068c401a] root
> [00:04:13.892] DEBUG [068c401a] Finished in 0.059 seconds with exit status 0
> (*successful*).
> [00:04:13.893] root
> [00:04:13.893] DEBUG [76bb93f0] Running */usr/bin/env ls
> /etc/sudoers.d/deploy_permissions 2>&1* on [server].com
> [00:04:13.894] DEBUG [76bb93f0] Command: ls /etc/sudoers.d/deploy_permissions
> 2>&1
> [00:04:13.905] DEBUG [76bb93f0] ls:
> [00:04:13.905] DEBUG [76bb93f0] cannot access
> /etc/sudoers.d/deploy_permissions
> [00:04:13.906] DEBUG [76bb93f0] : Permission denied
>
>
>
> When I SSH into the box, get root, and run the statement, I can see the
> file (which is indeed owned by root). Am I doing something wrong? I thought
> any statement inside the "as [blah]" section would execute as the given
> user. The result of the first capture statement tends to confirm that it's
> working as expected, but the second capture statement failing is mysterious
> to me.
>
> Incidentally, the "run as a different user" example on the sshkit example
> page shows this:
>
> on hosts do |host|
> as 'www-data' do
> puts capture(:whoami)
> end
> end
>
>
> But when I try to use the "on hosts do |host|" bit, I get an error like
> this:
>
> [00:04:12.138] ** Invoke diagnostics:check-dependencies
> (first_time)[00:04:12.138] ** Execute
> diagnostics:check-dependencies[00:04:12.138] cap aborted![00:04:12.139]
> undefined local variable or method `hosts' for main:Object
>
>
> So I reverted to use "on roles(:all)". I wonder if I'm not understanding
> something fundamental. Am I?
>
> Roy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Capistrano" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to capistrano+unsubscr...@googlegroups.com.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/capistrano/050e418a-1073-4dd7-b138-0199c3108705%40googlegroups.com<https://groups.google.com/d/msgid/capistrano/050e418a-1073-4dd7-b138-0199c3108705%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to capistrano+unsubscr...@googlegroups.com.
To view this discussion on the web, visit
https://groups.google.com/d/msgid/capistrano/CAN_%2BVLUpuhkckay%3Ds4%3D3Sx%3DnNZbF%2BCcWUBU7mnEzxeUwqc%2BKOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
