-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
files.append with sudo failed #30
Comments
any update on this? I've faced the same error, it quite renders the whole patchwork lib unusable - we rarely use fabric for sys admin stuff without needing sudo. |
For people starting with fabric, I've put together the following workaround which works ok for the simple use case (default value for path is etc but can be changed or removed of course:
|
@TmCTux Thanks for the workaround. I was doing some experimentation and found another way that might be slightly easier and require less shenanigans with bash. I discovered that setting the For those of you who are struggling with any of the helper functions in Code exampleimport fabric
import patchwork
from getpass import getpass
config = fabric.Config(
overrides={
'sudo': {'password': getpass('Sudo Password: ')} # This will prevent sudo from prompting for a password
}
)
ssh = fabric.Connection('sudouser@localhost:22', config=config)
print(patchwork.files.exists(ssh, path='/etc/hostname', sudo=True))
>>> True Class-based approachI have been writing a much bigger library that relies on fabric + patchwork, so it became necessary to classify all of this stuff, so I found this much easier to work with... Here is the class, its class SSHManager:
def __init__(self, host, port=22, username='root', require_sudo=False, **connect_options):
self._host = self._pinghost(host)
self._user = username
self._userpass = getpass(prompt='User/Sudo Password: ')
try:
self._agent = paramiko.agent.Agent()
if len(self._agent.get_keys()) > 0:
self._passphrase = None
else:
LOG.info("SSH Agent does not contain any private keys. Checking manually.")
self._passphrase = getpass(prompt="SSH Private Key Passphrase")
except paramiko.SSHException as ex:
LOG.warning("Connection to SSH Agent could not be established. Trying to retrieve SSH Keys manually.")
self._agent = None
self._passphrase = getpass(prompt="SSH Private Key Passphrase: ")
config = fabric.Config(
overrides={'passphrase': self._passphrase,
'sudo': {'password': self._userpass},
**connect_options
}
)
LOG.info(f"Establishing SSH session to {username}@{host}:{port} ...")
self._ssh = fabric.Connection(host=host, user=username, port=port, config=config)
del config # Remember to destroy your configuration when done with it, since it is storing plaintext passwords
if not self._getsudo() and require_sudo:
LOG.error(f"Unable to proceed. Insufficient sudo permissions for user {self._user}")
self.__exit__()
self._home = self._ssh.run('pwd', hide=True).stdout.strip()
def __exit__(self):
del self._userpass
self._ssh.close()
del self._ssh This class-based approach has a lot of advantages:
The beauty of this approach was that it makes all calls to the Rant for how this should be fixedThe main problem is the extremely awkward and unspecific syntax required to enter the sudo user's password into the configuration, which is NOT well documented or clearly stated. Considering how frequently users need sudo privileges for the actions they are performing with fabric, I would love to see a dedicated parameter in the Even better, it would be great to have a dedicated I understand the desire for the A simple helper function like the following would be awesome: def _setsudopass(self, password):
self._ssh.config['sudo']['password'] = password
del password I also feel that fabric needs to do a better job of cleaning up password from memory. It should not be up to the user to do this. Python is well-known to leave behind artifacts in memory, and the library should be very careful to destroy its context managers every time they are closed or call exit() on their class. That's just my opinion as a paranoid security professional. /rant |
Trying to use
file.append
withsudo
option:The underneath cmd looks like:
and giving err msg:
bash: /home/foo/.profile: Permission denied
Also tried with
runner_method='sudo'
orrunner=ctx.sudo
and facing same issueFound something might related
https://unix.stackexchange.com/questions/4335/how-to-insert-text-into-a-root-owned-file-using-sudo
The text was updated successfully, but these errors were encountered: