You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This started as "add support for the group flag", but this is a good time to rethink how we can enable users to flip arbitrary sudo flags without us having to be in-between all the time, which was a massive pain in the ass for everybody, historically.
The text was updated successfully, but these errors were encountered:
bitprophet
changed the title
Add group (as opposed to user) control to Context.sudo
Allow deeper control for sudo flags such as group, home etc
Jun 19, 2018
See #572 - this should consider having -E as part of the default set, or if that feels too insecure, at least document it explicitly (perhaps also under the env arg somewhere, tho that's tough since it's currently only implicitly documented for sudo under the "it's justrun" clause).
To just set some essential environment variables, like SSH_AUTH_SOCK to allow re-using ssh-agent within Context.sudo() calls, for me it's sufficient right now to prefix VAR=VALUE in front of the to-be-executed command, e.g.
# get sanitized environment variable - just a filepath is allowed for SSH_AUTH_SOCK
m = re.fullmatch(r'[a-zA-Z\d\.\-\/]+', os.getenv('SSH_AUTH_SOCK'))
sudo_cmd = f"SSH_AUTH_SOCK={m.group(0)} {command}"
ctx.sudo(sudo_cmd, pty=True)
This started as "add support for the group flag", but this is a good time to rethink how we can enable users to flip arbitrary sudo flags without us having to be in-between all the time, which was a massive pain in the ass for everybody, historically.
The text was updated successfully, but these errors were encountered: