Running fabric scripts as root

Asked 27/2, 2013 at 13:48 Answered 6/1, 2017 at 12:44

I am trying to use fabric to automate some administrative work that I am doing on a couple of servers. The general flow is the following:

SSH with local user
run: sudo su - to become root (providing local user password again)
Do the work as root :)

Unfortunately using run('sudo su -') blocks execution of the scripts and allows user input. When I type exit or Ctrl+D the scipt resumes, but without root privileges.

I have seen a similar problem in Switching user in Fabric but I am restricted to sudo su - because I am not allowed to change the /etc/sudoers file which contains the following line:

localuser ALL = /usr/bin/su -

I browsed the source of fabric trying to find a workaround but with no success.

Barbie answered 27/2, 2013 at 13:48 Comment(3)

Take a look at docs.fabfile.org/en/1.4.2/usage/env.html#sudo-prefix and this example: #12642014 – Relevant 27/2, 2013 at 14:37

Using sudo_prefix='su - -c ' as described in that post requires the root password. If I use sudo_prefix='sudo su - -c ' I get this error message Sorry, user localuser is not allowed to execute '/usr/bin/su - -c /bin/bash -l -c pwd' as root on hostname. – Barbie 27/2, 2013 at 16:34

Setting shell=False seems to have no effect. Setting pty=False returns the error sudo: no tty present and no askpass program specified – Barbie 28/2, 2013 at 7:15

Having faced the same problem as yours, (only sudo su - user allowed by admin, sudo -u user -c cmd not allowed), here's my working solution with fabric:

from ilogue.fexpect import expect, expecting, run 

def sudosu(user, cmd):
    cmd += ' ;exit'
    prompts = []
    prompts += expect('bash', cmd)
    prompts += expect('assword:', env.password)

    with expecting(prompts):
        run('sudo su - ' + user)

def host_type():
    sudosu('root', 'uname -s')

Bicyclic answered 18/3, 2014 at 14:56 Comment(1)

This looks like a good solution, but it requires python to be on the remote machine. – Toting 18/5, 2015 at 18:52

There are several solutions for your issue. First, you want to run commands using sudo. You can use the fabric method sudo instead of run that runs a shell command on a remote host, with superuser privileges(sudo ref).

For example, these commands are executed using sudo :

sudo("~/install_script.py")
sudo("mkdir /var/www/new_docroot", user="www-data")
sudo("ls /home/jdoe", user=1001)
result = sudo("ls /tmp/")

Another idea is that you want to wrap a set of commands (that need to be sudoed). You can use Fabric context managers (ref) to do that. Particularly, you can use prefix or settings.

For example:

with settings(user='root'):
    run('do something')
    run('do another thing')

will ask you once the root password then execute commands as root. You can tweek settings to store the password.

Subotica answered 27/2, 2013 at 14:41 Comment(2)

Both the solutions do not work for me. I have tried the first one and the sudo('pwd') translates to sudo -S -p 'sudo password:' /bin/bash -l -c "pwd" and I get an error message Sorry, user localuser is not allowed to execute '/bin/bash -l -c pwd' as root on hostname. The second solutions implies that I have the root password which I don't. – Barbie 27/2, 2013 at 15:39

For the second solution, cant you use the password you would use normally to get superuser access? – Denni 9/8, 2016 at 19:20

There is one solution for the following problem Sorry, user localuser is not allowed to execute '/usr/bin/su - -c /bin/bash -l -c pwd' as root on hostname. You can try sudo('mkdir ~/test_fabric',shell=False). Using param shell to avoid the bash param -l.

Gile answered 6/1, 2017 at 12:44 Comment(0)

Recommended topics

Hot tags