I know Jeff :(
I don't own the system and can't change sudo, even at 50% I use Fabric
extensively.
And I regret to not be able to use it more.
I just ask myself about append
fabric.contrib.files.append(*filename*, *text*, *use_sudo=False*, *
partial=False*, *escape=True*, *shell=False*)
Even using shell=True bash is still requiered.
Thank you Jeff for Fabric.
On Thu, Sep 26, 2013 at 12:51 PM, Jeff Forcier <j...@bitprophet.org> wrote:
> Hi Julien,
>
> Unfortunately one can't have both a locked-down sudoers configuration
> *and* allow bash as a sudo command - doesn't make sense.
>
> If you own the system and can change the sudoers config, then that
> tradeoff is up to you. If policy prevents you from doing so, then
> you're mostly stuck using "non-shell" commands, as you mentioned.
>
> -Jeff
>
>
> On Thu, Sep 26, 2013 at 9:19 AM, julien silverston
> <julien.silvers...@gmail.com> wrote:
> > Hello Ronan,
> >
> > You're right, works fine.
> >
> > But without bash I'm losing Fabric killer features :
> >
> > I mean, can't use anymore :
> >
> > "with cd"
> > sudo('command xx | command yy')
> > sudo('echo xxx > /etc/X.conf')
> > or fabric.contrib llike append despite using shell=False
> >
> > Do you know any workaround ?
> >
> > Thnak you
> >
> > Julien
> >
> >
> > On Thu, Aug 22, 2013 at 11:11 AM, Ronan Amicel <ronan.ami...@gmail.com>
> > wrote:
> >>
> >> Hi Julien,
> >>
> >> Have you tried using the "shell" argument to disable shell wrapping?
> e.g.
> >>
> >> sudo('uptime', shell=False)
> >>
> >> See
> >>
> http://docs.fabfile.org/en/1.7/api/core/operations.html#fabric.operations.run
> >>
> >> Regards,
> >>
> >> Ronan Amicel
> >>
> >>
> >> On Thu, Aug 22, 2013 at 12:34 AM, julien silverston
> >> <julien.silvers...@gmail.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> I'm very please with Fabric and I use it with a lot success to manage
> my
> >>> servers.
> >>> Even convinced my collegues to use it.
> >>> But actually for security reason, mostly to avoid shell escape I can't
> >>> use it.
> >>>
> >>> As exemple I do with sudo :
> >>>
> >>> @task
> >>> def host_type():
> >>> run('sudo su -c "uname -a"')
> >>> sudo('uptime')
> >>>
> >>>
> >>> [serverX] Executing task 'host_type'
> >>> [serverX] run: sudo su -c "uname -a"
> >>> [serverX] Login password for 'me':
> >>> [serverX] out: [sudo] password for me:
> >>> [serverX] out: Sorry, user me is not allowed to execute '/bin/su -c
> uname
> >>> -a' as root on serverX.
> >>> [serverX] out:
> >>>
> >>> Warning: run() received nonzero return code 1 while executing 'sudo su
> -c
> >>> "uname -a"'!
> >>>
> >>> [serverX] sudo: uptime
> >>> [serverX] out: sudo password:
> >>> [serverX] out: Sorry, user me is not allowed to execute '/bin/bash -l
> -c
> >>> uptime' as root on serverX.
> >>> [serverX] out:
> >>>
> >>>
> >>> Warning: sudo() received nonzero return code 1 while executing
> 'uptime'!
> >>>
> >>> I know how to setup sudoers, but for company policies I can't change
> it.
> >>>
> >>> sudoers contains :
> >>> !/bin/bash,!/bin/su
> >>>
> >>> I tried to use env.shell = "" , pty=False but with no success.
> >>>
> >>> How I can update Fabric and others framework, like cuisine to continue
> to
> >>> use Fabric despite this rule that I can't change.
> >>>
> >>> I can change all sudo command for run('sudo xxx') but will ask my
> >>> password each time and I can use cuisine anymore.
> >>>
> >>> Thank you,
> >>>
> >>> Julien
> >>>
> >>> _______________________________________________
> >>> Fab-user mailing list
> >>> Fab-user@nongnu.org
> >>> https://lists.nongnu.org/mailman/listinfo/fab-user
> >>>
> >>
> >
> >
> > _______________________________________________
> > Fab-user mailing list
> > Fab-user@nongnu.org
> > https://lists.nongnu.org/mailman/listinfo/fab-user
> >
>
>
>
> --
> Jeff Forcier
> Unix sysadmin; Python/Ruby engineer
> http://bitprophet.org
>
_______________________________________________
Fab-user mailing list
Fab-user@nongnu.org
https://lists.nongnu.org/mailman/listinfo/fab-user
