cap is entering (wrong) sudo password instead of prompting for it

Rebecca Blyth

Mar 14, 2008, 11:22:38 AM
to Capistrano
Hi,

I have 1 command that I have to run as sudo. Capistrano isn't
prompting for the root password, but appears to be attempting to fill
it in itself, wrongly, since it doesn't actually know the root
password. The output produced is (names/paths removed):

  * executing "sudo -p 'sudo password: ' ln -s <snip>/current/config/mongrel_cluster.yml /etc/mongrel_cluster/<snip>.yml"
  servers: ["192.168.0.200"]
  [192.168.0.200] executing command
  *** [err :: 192.168.0.200]
  *** [err :: 192.168.0.200] Sorry, try again.
  *** [err :: 192.168.0.200]
  *** [err :: 192.168.0.200] Sorry, try again.
  *** [err :: 192.168.0.200]
  *** [err :: 192.168.0.200] Sorry, try again.
  *** [err :: 192.168.0.200] sudo: 3 incorrect password attempts
  command finished
  command "sudo -p 'sudo password: ' ln -s <snip>/current/config/mongrel_cluster.yml /etc/mongrel_cluster/<snip>.yml" failed on 192.168.0.200

I've tried with default_run_options[:pty] = true and without. The only
way I can get it to give me a prompt is if I don't specify the SSH
user's password in the capistrano config. It then prompts for the SSH
user's password at the start of the task, and prompts for the _second_
attempt at the sudo password:

  * executing "sudo -p 'sudo password: ' ln -s <snip>/current/config/mongrel_cluster.yml /etc/mongrel_cluster/awayco_database.yml"
  servers: ["192.168.0.200"]
  [192.168.0.200] executing command
  *** [err :: 192.168.0.200]
  *** [err :: 192.168.0.200] Sorry, try again.
  Password:
  *** [err :: 192.168.0.200]
  command finished

The method call in my task is:

  sudo "ln -s #{current_path}/config/mongrel_cluster.yml /etc/mongrel_cluster/#{application}.yml"

I am using capistrano 2.2.0 on ubuntu, and my server is running SuSE
Enterprise Server 10.

Has anyone got any ideas what might be going wrong?

Thanks,
Rebecca

Ken Collins

Mar 14, 2008, 11:44:45 AM
to Capistrano

Have you tried specifying the :as => user option to the sudo command?

Jamis Buck

Mar 14, 2008, 1:53:05 PM
to capis...@googlegroups.com
Rebecca,

Note that sudo doesn't prompt for the root user's password--it prompts
for the password of the user that is currently logged in, and requires
that that user be configured correctly with sudo permissions. It could
be that the user in question is not set up with sudo permissions.

- Jamis


Rebecca Blyth

Mar 14, 2008, 2:01:04 PM
to Capistrano
Thanks, but it doesn't make any difference. That adds "-u root" to the
sudo command, but capistrano still seems to want to put in the root
password itself rather than prompting me to put it in.

I think I've found where it's doing it: in
lib/capistrano/configuration/actions/invocation.rb in the capistrano gem, I have:

  def sudo(command, options={}, &block)
    block ||= self.class.default_io_proc

    options = options.dup
    as = options.delete(:as)

    user = as && "-u #{as}"
    command = [fetch(:sudo, "sudo"), "-p '#{sudo_prompt}'", user, command].compact.join(" ")

    run(command, options, &sudo_behavior_callback(block))
  end

  def sudo_behavior_callback(fallback) #:nodoc:
    # in order to prevent _each host_ from prompting when the password
    # was wrong, let's track which host prompted first and only allow
    # subsequent prompts from that host.
    prompt_host = nil

    Proc.new do |ch, stream, out|
      if out =~ /^#{Regexp.escape(sudo_prompt)}/
        ch.send_data "#{self[:password]}\n"
      elsif out =~ /try again/
        if prompt_host.nil? || prompt_host == ch[:server]
          prompt_host = ch[:server]
          logger.important out, "#{stream} :: #{ch[:server]}"
          reset! :password
        end
      else
        fallback.call(ch, stream, out)
      end
    end
  end

This code appears to be putting in the password for the SSH user,
rather than prompting for the root password. Obviously I don't want to
have my server's root password sitting in a config file somewhere, so
I need this to prompt.

I think the issue is that sudo is set up on my server to want the
password of the target user, rather than that of the current user.
Thus I can run any command I want as root, as long as I know the root
password. Capistrano seems to be assuming that sudo wants the current
user's password rather than the target user's password.

R
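
The behaviour described in the post above, as an added example that is not part of the thread or of Capistrano: a stand-alone model of a prompt handler that answers the sudo prompt with a secret asked for at run time instead of the stored SSH password, keeping the quoted callback's rule that only the first rejecting host triggers a re-prompt. `SudoResponder`, `FakeChannel`, `replay` and the sample hosts and passwords are assumptions constructed for illustration.

```ruby
# Added example, not Capistrano's code: SudoResponder, FakeChannel, replay,
# the host names and the passwords are all constructed for illustration.
class SudoResponder
  PROMPT = "sudo password: "

  # ask: callable that gets the sudo secret from the operator at run time,
  # so it is never the stored SSH login password and never sits in a config.
  def initialize(ask)
    @ask = ask
    @secret = nil
    @prompt_host = nil
  end

  # Same arguments as the callback quoted in the post.
  def call(ch, _stream, out)
    if out.start_with?(PROMPT)
      @secret ||= @ask.call            # ask once, reuse on every host
      ch.send_data("#{@secret}\n")
    elsif out =~ /try again/
      # Only the first host to reject the secret may clear it, so a typo
      # costs one re-prompt in total rather than one per host.
      if @prompt_host.nil? || @prompt_host == ch[:server]
        @prompt_host = ch[:server]
        @secret = nil
      end
    end
  end
end

# Constructed stand-in for an SSH channel; Struct#[] serves ch[:server] and
# `sent` records everything written to sudo's stdin.
FakeChannel = Struct.new(:server, :sent) do
  def send_data(data)
    sent << data
  end
end

# Replays [host, output] events; returns prompt count and data sent per host.
def replay(events, answers)
  asked = 0
  responder = SudoResponder.new(-> { asked += 1; answers.shift })
  chans = Hash.new { |h, k| h[k] = FakeChannel.new(k, []) }
  events.each { |host, out| responder.call(chans[host], :err, out) }
  [asked, chans.transform_values(&:sent)]
end
```

Replaying a run where the operator mistypes once on two hosts shows two prompts in total, and the only data written to sudo is what the operator typed.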

Rebecca Blyth

Mar 14, 2008, 2:02:51 PM
to Capistrano
Cross-posting...

Yes, the user can sudo to root, but needs to give root's password not
its own.

Rebecca