I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper). Here's the program:
#!/usr/bin/env python import pexpect import sys child = pexpect.spawn("sudo apt-get update") child.logfile = sys.stdout try: i = child.expect(["Password:", pexpect.EOF, pexpect.TIMEOUT]) if i == 0: print "****************************** sending password" child.sendline("XXX") # Not my real sudo password elif i == 1: print "EOF" elif i == 2: print "TIMEOUT" except Exception: print "Exception" The strange thing is that this script runs with no problems (downloads the repository updates), even though it should fail. It never prints the "****************************** sending password" line, and even if it did write the password to the process, it isn't the correct password. I've done this after a 'sudo -k' to clear the sudo password, and if I run 'sudo apt-get update' from the command line manually, it asks for the password every time. I I change the spawn to: child = pexpect.spawn("sudo -u <my user name here> apt-get update") it fails with: E: Could not open lock file /var/lib/apt/lists/lock - open (13 Permission denied) E: Unable to lock the list directory which is expected. If I'm not going crazy, this seems like a security hole that allows a user to run any system command without a superuser password. Any ideas? Thanks, Don -- http://mail.python.org/mailman/listinfo/python-list