sudo: no tty present and no askpass program specified
255 views
Skip to first unread message
Stefano Schiavi
Mar 31, 2016, 1:14:27 AM3/31/16
to Capistrano
First, thank you all for your help!
I am posting because I have yet to solve the sudo issue. I read several posts both here and stackoverflow and tried everything I read, but I still have yet to find something that works. I must be missing something in the server config... I believe.
Basically I have been unable to run commands that require sudo unless I set my deploy user in /etc/sudoers as:
At best I got sidekiq to stop without prompting anything but even if I typed the password nothing happened until I ctrl+c
Can anyone please share anything I should look at in terms of server config?
Thank you so much.
Versions:
I am posting because I have yet to solve the sudo issue. I read several posts both here and stackoverflow and tried everything I read, but I still have yet to find something that works. I must be missing something in the server config... I believe.
Basically I have been unable to run commands that require sudo unless I set my deploy user in /etc/sudoers as:
deploy ALL=(ALL) NOPASSWD: ALL
This isAmong other things I commented outobviouslynot at all ideal in terms of security...
#Defaults requiretty
in /etc/sudoers
At best I got sidekiq to stop without prompting anything but even if I typed the password nothing happened until I ctrl+c
Can anyone please share anything I should look at in terms of server config?
Thank you so much.
Versions:
- Ruby 2.3
- Capistrano 3.4
- Rake / Rails / etc 4.2.6
Platform:
- Working on.... MAC Yosemete
- Deploying to... Centos 5.9
- Please past logs (as completely as possible to a 3rd party pasting service such as pastie.org)
Files:
- Capfile
- deploy.rb
- Stage files (production.rb, staging.rb)
Lee Hambley
Mar 31, 2016, 5:43:02 AM3/31/16
to Capistrano
There ought to be no need to grant sudo access to ALL PROGRAMS for a user to restart a service. You can look at systemd user services, chown/setuid scripts/etc for init.d, and restrict the set of commands that SUDO can use without a password.
In any case, it's "onion security", if someone gets a shell on your machine, you're in unrecoverable trouble anyway.
--
You received this message because you are subscribed to the Google Groups "Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/61d23cef-e936-4016-971a-3fde805141bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages