You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ant.apache.org by Tom Robinson <ya...@gmail.com> on 2008/11/12 09:23:21 UTC
ant and sudo
I need to run an "exec" task with superuser privileges but I've run
into two problems with two different approaches:
1) Running "sudo ant" doesn't give me access to my user environment
variables.
2) If I do <exec executable = "sudo" ><arg value = "actual_command" /
></exec> it works, but only if I've entered my password for sudo
recently... I can't enter the password for sudo through ant (I have to
hit enter twice, then it says "Sorry, try again", at which point if I
enter it again it *sometimes* works).
Resolving #1 would be ideal, and negate the need for resolving #2. I'm
on Mac OS X (Leopard), if that matters.
Thanks in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: ant and sudo
Posted by Steve Loughran <st...@apache.org>.
Hendrik Maryns wrote:
> Steve Loughran schreef:
>> The way we do root level access is to ssh in to localhost and run stuff
>> as root there. you can either set up the <ssh> command with the relevant
>> (property driven) password,
>
> How would I do that? I need something similar for <signjar>. Right now
> I use a plain password in the task, but that is just a temporary
> solution, of course.
>
1. you have a property file in a subdirectory that only you can read; it
is not under SCM. If you have an OS that can encrypt bits of the
filesystem, encrypt that file.
Call it something like servers/ with the name of a specific server
underneath, ideally the hostname: here is chamonix.properties
#property settings to upload to chamonix steve's desktop
ssh.enabled=true
ssh.server=chamonix
ssh.user=stevel
ssh.dir=public_html
ssh.keyfile=${user.home}/.ssh/chamonix.private
ssh.passphrase=
ssh.verbose=true
ssh.trust=true
2. You have a target that takes the server name as a property, and loads
the given file
<target name="load-server-settings" depends="init">
<fail unless="server">
Failed.
Set the "server" property to the name of a server
whose connection settings are in a property file under
${server.dir}.
</fail>
<property name="ssh.propfile"
location="${server.dir}/${server}.properties"/>
<loadproperties srcfile="${ssh.propfile}"/>
<echo>
SCP target is ${ssh.server}
User is ${ssh.user}
trust=${ssh.trust}
keyfile=${ssh.keyfile}
</echo>
<presetdef name="ssh-remote">
<sshexec host="${ssh.server}"
username="${ssh.user}"
passphrase="${ssh.passphrase}"
trust="${ssh.trust}"
timeout="6000000"
keyfile="${ssh.keyfile}"
/>
</presetdef>
</target>
You can then use the scp command to upload files
<scp remoteToDir="${ssh.path}"
passphrase="${ssh.passphrase}"
keyfile="${ssh.keyfile}"
trust="${ssh.trust}"
verbose="${ssh.verbose}">
<fileset refid="upload.fileset"/>
</scp>
or the <ssh-remote> presetdef to issue remote commands
<target name="ssh-ls" depends="load-server-settings">
<ssh-remote command="ls"/>
</target>
To run against a server,
ant ssh-ls -Dserver=chamonix
What you must not do is stick passwords on the command line, as anyone
else on a unix system can see those arguments via the ps command.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: ant and sudo
Posted by Hendrik Maryns <qw...@sneakemail.com>.
Steve Loughran schreef:
> The way we do root level access is to ssh in to localhost and run stuff
> as root there. you can either set up the <ssh> command with the relevant
> (property driven) password,
How would I do that? I need something similar for <signjar>. Right now
I use a plain password in the task, but that is just a temporary
solution, of course.
H.
--
Hendrik Maryns
http://tcl.sfs.uni-tuebingen.de/~hendrik/
==================
Ask smart questions, get good answers:
http://www.catb.org/~esr/faqs/smart-questions.html
Re: ant and sudo
Posted by Steve Loughran <st...@apache.org>.
Tom Robinson wrote:
> I need to run an "exec" task with superuser privileges but I've run into
> two problems with two different approaches:
>
> 1) Running "sudo ant" doesn't give me access to my user environment
> variables.
>
> 2) If I do <exec executable = "sudo" ><arg value = "actual_command"
> /></exec> it works, but only if I've entered my password for sudo
> recently... I can't enter the password for sudo through ant (I have to
> hit enter twice, then it says "Sorry, try again", at which point if I
> enter it again it *sometimes* works).
>
> Resolving #1 would be ideal, and negate the need for resolving #2. I'm
> on Mac OS X (Leopard), if that matters.
The way we do root level access is to ssh in to localhost and run stuff
as root there. you can either set up the <ssh> command with the relevant
(property driven) password, or set up the ssh keys so that you can ssh
in to root@localhost using keys alone.
--
Steve Loughran http://www.1060.org/blogxter/publish/5
Author: Ant in Action http://antbook.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org