Using as and sudo with NOPASSD and !requiretty
#420
Comments
|
Hi David, First best guess is to direct you at the tests for SSHkit, there
you'll find DSL tests that assert against the string representation of the
various things.
I'm in Europe, and can look more thoroughly during working times tomorrow.
Sent from my phone from underway.
…On Sun, 4 Mar 2018, 20:17 David Raison, ***@***.***> wrote:
I'm having a lot of trouble using the as syntax. I realize this is more
of a support request than a bug report, but the results of this might go
into the documentation.
What doesn't work:
task :clear_cache do
on roles :app do
as :web1 do
within shared_path do
execute :rm, '-rf', 'src/cache/twig'
end
end
end
end
However, this works:
task :clear_cache do
on roles :app do
within shared_path do
execute :sudo, '-u', 'web1', :rm, '-rf', 'src/cache/twig'
end
end
end
My sudoers file looks like this:
Cmnd_Alias CLEAR_CACHE = /usr/bin/whoami, /bin/rm -rf src/cache/twig
Defaults!CLEAR_CACHE !requiretty
david ALL=(web1) NOPASSWD: CLEAR_CACHE
I've been trying to use the debug log level in both capistrano and sshkit
to figure out what the difference is between these two, more specifically
how the as syntax executes the command, but all I ever got was:
** Invoke clear_cache (first_time)
** Execute clear_cache
00:00 clear_cache
01 rm -rf src/cache/twig
01 sudo: no tty present and no askpass program specified
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as ***@***.***: rm exit status: 1
rm stdout: Nothing written
rm stderr: sudo: no tty present and no askpass program specified
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/runners/parallel.rb:15:in `rescue in block (2 levels) in execute'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/runners/parallel.rb:11:in `block (2 levels) in execute'
SSHKit::Command::Failed: rm exit status: 1
rm stdout: Nothing written
rm stderr: sudo: no tty present and no askpass program specified
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/command.rb:100:in `exit_status='
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/netssh.rb:165:in `execute_command'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:141:in `block in create_command_and_execute'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:141:in `tap'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:141:in `create_command_and_execute'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:74:in `execute'
/home/kwisatz/1024/projects/a_project/Capfile:35:in `block (4 levels) in <top (required)>'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:85:in `within'
/home/kwisatz/1024/projects/a_project/Capfile:34:in `block (3 levels) in <top (required)>'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:112:in `as'
/home/kwisatz/1024/projects/a_project/Capfile:33:in `block (2 levels) in <top (required)>'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:29:in `instance_exec'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/backends/abstract.rb:29:in `run'
/home/kwisatz/1024/projects/a_project/.vendor/bundle/ruby/2.4.0/gems/sshkit-1.13.1/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
Tasks: TOP => clear_cache
How can I see what *exact* command sshkit is running when using as ? I'd
presume that it doesn't correspond to what I allowed in the sudoers file.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#420>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABKCMXaEWpYjeTEI0KNSwW4H7qbNd_Iks5tbD29gaJpZM4SbdRk>
.
|
|
You can see the actual command being generated here: Line 170 in c0f99e4 Which is something like: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm having a lot of trouble using the
assyntax. I realize this is more of a support request than a bug report, but the results of this might go into the documentation.What doesn't work:
However, this works:
My sudoers file looks like this:
I've been trying to use the debug log level in both capistrano and sshkit to figure out what the difference is between these two, more specifically how the
assyntax executes the command, but all I ever got was:How can I see what exact command sshkit is running when using
as? I'd presume that it doesn't correspond to what I allowed in the sudoers file.The text was updated successfully, but these errors were encountered: