Re: [Fab-user] remote sudo permissions

[Jeff Forcier]

On Tue, Sep 8, 2009 at 3:06 PM, Alan Hawrylyshen<address@hidden> wrote:

> Actually, it sounds like Tom has specifically cranked down the access for
> sudo.
>
> Lots of administrators will do this. It is generally a good practice.

Certainly; however, the default is typically for sudo to be wide open
for some subset of users, so I was grouping a "specifically modified
to be locked down" sudoers in with "oddball". Not knowing Tom I have
to make assumptions, and many/most users seem to be coming from
relatively default-ish setups :)

>        Can fabric be configured to dispense with the shell wrapper?

Yes, this is in fact the real question at hand (especially given Tom's
response.) The answer is "yes", just specify shell=False (the argument
exists for both run and sudo.)

I honestly am not 100% sure why we default to wrapping in the shell,
however. In that regard I've just been following the precedent laid
down by Christian and Capistrano. If I had to guess, I'd say that the
invocation used by the SSH layer is not "bash-like", i.e. it's more
like an exec(), and thus command strings like "foo | bar > biz.baz"
would then not work.

However, again, I'm not positive about this and now I'm curious (the
Paramiko API docs are not clear on the matter) so I'll take a look
sometime soon -- if Christian doesn't remember and is watching this,
that is :)

But again -- sudo('command', shell=False) should do the trick.

Best,
Jef