returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1")
is a String, and thus doesn't have transformations (wrapping it in the sudo su ..) applied: returned = capture(:ls, "/etc/sudoers.d/deploy_permissions 2>&1") Lee Hambley -- http://lee.hambley.name/ +49 (0) 170 298 5667 On 18 March 2014 03:42, Roy Miller <r...@theotherroad.com> wrote: > Using Cap 3.1.0. I have this in a task I run after a deploy is done: > > task :'check-dependencies' do > on roles(:all) do |host| > [...] > as :root do > puts capture(:whoami) > returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1") > end > end > end > > That task runs, and the puts statement prints "root" on the console, as > one would expect, so it looks like the "as" magic and the capture statement > are working fine (same result with 'root' as a string or :root as a > symbol). The problem is, the second capture statement fails like so: > > DEBUG [e8cc068a] Running */usr/bin/env if ! sudo su root -c whoami > > /dev/null; then echo "You cannot switch to user 'root' using sudo, please > check the sudoers file" 1>&2; false; fi* on [server].com > [00:04:13.766] DEBUG [e8cc068a] Command: if ! sudo su root -c whoami > > /dev/null; then echo "You cannot switch to user 'root' using sudo, please > check the sudoers file" 1>&2; false; fi > [00:04:13.832] DEBUG [e8cc068a] Finished in 0.065 seconds with exit status 0 > (*successful*). > [00:04:13.832] DEBUG [068c401a] Running */usr/bin/env whoami* on [server].com > [00:04:13.833] DEBUG [068c401a] Command: sudo su root -c "/usr/bin/env whoami" > [00:04:13.889] DEBUG [068c401a] root > [00:04:13.892] DEBUG [068c401a] Finished in 0.059 seconds with exit status 0 > (*successful*). > [00:04:13.893] root > [00:04:13.893] DEBUG [76bb93f0] Running */usr/bin/env ls > /etc/sudoers.d/deploy_permissions 2>&1* on [server].com > [00:04:13.894] DEBUG [76bb93f0] Command: ls /etc/sudoers.d/deploy_permissions > 2>&1 > [00:04:13.905] DEBUG [76bb93f0] ls: > [00:04:13.905] DEBUG [76bb93f0] cannot access > /etc/sudoers.d/deploy_permissions > [00:04:13.906] DEBUG [76bb93f0] : Permission denied > > > > When I SSH into the box, get root, and run the statement, I can see the > file (which is indeed owned by root). Am I doing something wrong? I thought > any statement inside the "as [blah]" section would execute as the given > user. The result of the first capture statement tends to confirm that it's > working as expected, but the second capture statement failing is mysterious > to me. > > Incidentally, the "run as a different user" example on the sshkit example > page shows this: > > on hosts do |host| > as 'www-data' do > puts capture(:whoami) > end > end > > > But when I try to use the "on hosts do |host|" bit, I get an error like > this: > > [00:04:12.138] ** Invoke diagnostics:check-dependencies > (first_time)[00:04:12.138] ** Execute > diagnostics:check-dependencies[00:04:12.138] cap aborted![00:04:12.139] > undefined local variable or method `hosts' for main:Object > > > So I reverted to use "on roles(:all)". I wonder if I'm not understanding > something fundamental. Am I? > > Roy > > -- > You received this message because you are subscribed to the Google Groups > "Capistrano" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to capistrano+unsubscr...@googlegroups.com. > To view this discussion on the web, visit > https://groups.google.com/d/msgid/capistrano/050e418a-1073-4dd7-b138-0199c3108705%40googlegroups.com<https://groups.google.com/d/msgid/capistrano/050e418a-1073-4dd7-b138-0199c3108705%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Capistrano" group. To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/CAN_%2BVLUpuhkckay%3Ds4%3D3Sx%3DnNZbF%2BCcWUBU7mnEzxeUwqc%2BKOg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.