My system is setup to allow for a certain user to run sudo commands without password prompting. This has been working fine for ages. Now I come across a very unusual problem, where certain commands are prompting for a sudo password. I think this is because fabric is parsing the output and decides that a password is being requested on the far end.
But, actually, this is wrong! No password is being requested (I can run the same command just fine with ssh, no passwords prompted). I have at least identified the command ps -ef as problematic, I think because of the kind of output that is being produced.
In fact, the command ps -ef is also showing the command that fabric is using to run this command on the far end, and I think this is confusing fabric. It is probably thinking that a sudo in the output means password is needed. This is the part of the output which is blocking fabric to prompt for a password:
[aaaa#bbbb:22] out: aaaa 9917 9790 0 15:10 ? 00:00:00 sshd: aaaa#notty
[aaaa#bbbb:22] out: root 9918 9917 0 15:10 ? 00:00:00 sudo -S -p sudo password:
Is it possible to tell fabric no to parse the output at all, or at least not to prompt for a password?
try setting your shell to false before calling your command.
env.shell = False
Related
I am creating a Python script to install AUR packages but can't figure out how to detect yes/no and root password prompts.
So far what I have managed is to get rid of yes/no prompts using yes command, like this.
cmd = r'yes y | makepkg -si'
output = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True, universal_newlines=True)
But still 2 problems persist:
Detect the password prompt: The password prompt appears mainly after makepkg enters in fakeroot. IDK how to detect that and supply the password from the script. There is no pattern actually. Some package evoke 1 y/n prompt while some prompt more than 1.
Enter actual password: Actually, I want to enter password through a GUI. So, basically, I want user to input password in a text box that I will create using Tkinter.
tkinter.simpledialog.askstring("Password", "Enter password:", show='*')
I am confused how to implement this. I looked up this problem already and some Stack Overflow posts demonstrate the use of pexpect but I am having hard time understanding it. But if it can be done using the standard libraries then it would be great.
Detect the password prompt: The password prompt appears mainly after makepkg enters in fakeroot. IDK how to detect that and supply the password from the script. There is no pattern actually. Some package evoke 1 y/n prompt while some prompt more than 1.
There is a pattern. An y/n prompt is shown when:
makepkg invokes pacman to install build dependencies (for the -s option);
makepkg invokes pacman to install the freshly built package (for the -i option);
makepkg invokes pacman to remove the build dependencies (for the -r option).
makepkg invokes pacman to...
In all cases, if makepkg is given the --noconfirm option, it will pass that to pacman as well.
Enter actual password: Actually, I want to enter password through a GUI. So, basically, I want user to input password in a text box that I will create using Tkinter.
The password prompt, if any, is shown by sudo. Sudo supports running external "askpass" tools through the SUDO_ASKPASS environment variable.
Write or install a program that shows the password prompt and outputs the password to stdout (e.g. ssh-askpass or zenity would do), then set the SUDO_ASKPASS environment variable to the program's path:
export SUDO_ASKPASS=/usr/local/bin/ssh-askpass
Finally, edit ~/.config/pacman/makepkg.conf to make makepkg run sudo -A for elevation, activating the "graphical askpass" feature:
PACMAN_AUTH=(sudo -A)
Please note, I'm NOT asking about the user running it but rather did he run it as sudo command or not
I have a python script, which I want to obligate the user to run it like this:
sudo python3 script.py
and not like this:
python3 script.py
How can I do verify in run time if it was run correctly or not (if so end program using sys.exit())?
Check out this topic:
What is the best way for checking if the user of a script has root-like privileges?
It has a bunch of solutions that you might find helpful.
I am trying to run this command sudo nmap -sP -n with python subprocess library, my goal is creating script when I run the command the script will read the password from a file and add it to the subprocess and execute the command. The problem is that I allways have to write password to execute the command.
I have tried this, but it did not work for me.
p = subprocess.Popen(["sudo", "nmap", "-sP", "-n", network], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
p.stdin.write(bytes("Mypassword", "utf-8"))
I found some solutions here Use subprocess to send a password, I tried all of them but it did not work for me. Any idea how can I solve the problem?
The sudo man page specifies:
-S, --stdin
Write the prompt to the standard error and read the password from the stan‐
dard input instead of using the terminal device. The password must be fol‐
lowed by a newline character.
Running the following code should fix your issue:
p = subprocess.Popen(["sudo", "-S", "cmd"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
p.stdin.write("password\n")
Obviously, make sure you give the right password or this won't work. Also, don't forget to add \n at the end.
As an alternative, you can run nmap as an unprivileged user. This will allow you to use nmap --privileged ... which doesn't require a password. As specified in the link though, make sure you understand the security concerns to make sure it isn't an issue for your use case.
I am running my python in ubuntu and trying to make a script that communicates with the shell. My script is simple
import os
os.system('sudo su - xyz')
when I run the script and try to login xyz, it asks for the password in my shell. But how do I send the password via the python script and just login.? Is there a better way to do this ?
Piping a hardcoded password into stdin so that you don't have to input it for a command which requires sudoer privileges is overthinking it (in addition to being highly insecure).
Just assume in your Python script that you are root (i.e. don't execute commands with sudo).
import os
os.system('su - xyz')
Then launch your Python script with sudo.
$ sudo python foo.py
Unless you have some weird requirements, this is the most natural way to do it.
You can try piping the password into the commandline string.
NOTE: This is VERY insecure. Anyone has access to your python script will know your password and can get a hold of your system.
import os
password = 'ABCDEFG'
os.system('echo {} | sudo -S su - xyz'.format(password))
EDIT: Note adding echo and -S to sudo, so it can accept password from a pipe
I am making a python script that will not be running in the terminal and as it has to sudo multiple scripts I need to be able to enter the password from the script. What I mean is this: A program that I wrote and only I am going to use starts. It uses a gui box to ask for my sudo password. I give it to it, and then it enters it when needed. I get the textbox part downpath, but how do I enter the password into the sudo program from python?
I found my answer here: https://superuser.com/questions/67765/sudo-with-password-in-one-command-line
It works like this:
$echo <password> | sudo -S <command>