Using Capistrano to sudo su as another user

David Adams

Dec 7, 2007, 1:45:02 PM
to Capistrano
I love the idea of Capistrano, but it's not working for me in my
environment. I hope there's something simple I'm missing, but I'm not
sure. Here's the situation:

I don't have root on the app servers I need to automate. For each
application, we have a Unix user for which I don't have the password,
but which owns all the appropriate application files. To administer an
app, I log in with my personal account, and then I "sudo su - svcuser"
to become the service account, run whatever commands I need, then
logout twice.

Unfortunately, my limited understanding of Capistrano has failed me at
this point. E.g.:

  task :sudo_test do
    sudo "su - svcuser"
    run "whoami"
  end

I get prompted for my password, but then I get the shell prompt of the
svcuser's shell as output and everything hangs.

Any ideas? Let me know if you need more information. I appreciate the
help.

David Adams

Tony Davis

Dec 18, 2007, 3:17:16 PM
to Capistrano
I have the same problem, any solutions?

Paul Dowman

Dec 18, 2007, 3:30:40 PM
to capis...@googlegroups.com
I think the problem might be that the line sudo "su - svcuser" will
result in an interactive shell; it's waiting for input, and
Capistrano is waiting for it to exit before it runs the next command
("whoami").

BTW, you shouldn't need to combine su and sudo, they both do roughly
the same thing. Instead of using su, you could just use sudo to run
the command, su is redundant in this case. I think what you want might
be:

run "sudo -u svcuser whoami"

This will run the command whoami as the user svcuser. Ensure that
/etc/sudoers allows the whoami command to run.

Paul


--
http://pauldowman.com

John Ward

Dec 18, 2007, 4:08:59 PM
to capis...@googlegroups.com
I've seen Jamis post this technique for adding a prompt to a remote call; you could tailor it to your needs.

  # channel: the SSH channel object used for this response
  # stream: either :err or :out, for stderr or stdout responses
  # output: the text that the server is sending, might be in chunks
  run "apt-get update" do |channel, stream, output|
    if output =~ /Are you sure?/
      answer = Capistrano::CLI.ui.ask("Are you sure: ")
      channel.send_data(answer + "\n")
    else
      # allow the default callback to be processed
      Capistrano::Configuration.default_io_proc.call(channel, stream, output)
    end
  end

John George

Dec 18, 2007, 7:22:19 PM
to Capistrano
I was able to work around a similar issue by running the sudo command,
and in the /etc/sudoers file making sure that no password is prompted
for the executable.

Hope this helps,
John George
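
Added example, not part of the thread and not Capistrano's own code: a small Ruby helper that builds the single non-interactive `sudo -u` command line suggested in Paul Dowman's reply, with a comment showing the kind of scoped sudoers rule John George's reply relies on. The helper name `sudo_as`, the account `deployer`, and the file paths are assumptions made for illustration.

```ruby
require "shellwords"

# Hypothetical helper (an assumption, not a Capistrano API): returns one
# command line that runs argv as `user` through sudo and then exits, so
# Capistrano's `run` is never left waiting on an interactive shell.
SAFE_USER = /\A[a-z_][a-z0-9_-]{0,31}\z/

def sudo_as(user, *argv, non_interactive: false)
  # A name starting with "-" or containing shell metacharacters would be
  # parsed as a sudo option or as extra shell syntax on the remote host.
  raise ArgumentError, "unsafe user name: #{user.inspect}" unless user =~ SAFE_USER
  raise ArgumentError, "no command given" if argv.empty?
  # Nesting su under sudo is what opened the interactive shell in the thread.
  if File.basename(argv.first) == "su"
    raise ArgumentError, "use sudo -u instead of nesting su"
  end

  parts = ["sudo"]
  parts << "-n" if non_interactive # fail at once instead of prompting
  parts += ["-u", user, "--"]      # "--" ends sudo's own option parsing
  parts += argv
  Shellwords.join(parts)           # quote every word for the remote shell
end

# Assumed use inside a Capistrano 2 recipe (the path is constructed):
#
#   task :restart_app do
#     run sudo_as("svcuser", "touch", "/srv/app/tmp/restart.txt")
#   end
#
# A sudoers entry scoped to that one target user and one executable,
# edited with visudo (account name and path are assumptions):
#
#   deployer ALL=(svcuser) NOPASSWD: /usr/bin/whoami
#
# With such a rule in place, non_interactive: true makes a missing or
# mistyped rule show up as an immediate error rather than a hung deploy.
```

Listing exact executables in the sudoers rule, rather than `ALL`, keeps the personal account from gaining a general shell as the service user.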