Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow deeper control for sudo flags such as group, home etc #540

Open
bitprophet opened this issue Jun 19, 2018 · 2 comments
Open

Allow deeper control for sudo flags such as group, home etc #540

bitprophet opened this issue Jun 19, 2018 · 2 comments
Labels
Milestone

Comments

@bitprophet
Copy link
Member

@bitprophet bitprophet commented Jun 19, 2018

This started as "add support for the group flag", but this is a good time to rethink how we can enable users to flip arbitrary sudo flags without us having to be in-between all the time, which was a massive pain in the ass for everybody, historically.

@bitprophet bitprophet added the Feature label Jun 19, 2018
@bitprophet bitprophet changed the title Add group (as opposed to user) control to Context.sudo Allow deeper control for sudo flags such as group, home etc Jun 19, 2018
@bitprophet bitprophet added this to the 1.2 milestone Jun 28, 2018
@bitprophet
Copy link
Member Author

@bitprophet bitprophet commented Sep 6, 2018

See #572 - this should consider having -E as part of the default set, or if that feels too insecure, at least document it explicitly (perhaps also under the env arg somewhere, tho that's tough since it's currently only implicitly documented for sudo under the "it's justrun" clause).

@k-laus
Copy link

@k-laus k-laus commented Sep 8, 2019

To just set some essential environment variables, like SSH_AUTH_SOCK to allow re-using ssh-agent within Context.sudo() calls, for me it's sufficient right now to prefix VAR=VALUE in front of the to-be-executed command, e.g.

# get sanitized environment variable - just a filepath is allowed for SSH_AUTH_SOCK
m = re.fullmatch(r'[a-zA-Z\d\.\-\/]+', os.getenv('SSH_AUTH_SOCK'))
sudo_cmd = f"SSH_AUTH_SOCK={m.group(0)} {command}"
ctx.sudo(sudo_cmd, pty=True)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.