You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ant.apache.org by Tom Robinson <ya...@gmail.com> on 2008/11/12 09:23:21 UTC

ant and sudo

I need to run an "exec" task with superuser privileges but I've run  
into two problems with two different approaches:

1) Running "sudo ant" doesn't give me access to my user environment  
variables.

2) If I do <exec executable = "sudo" ><arg value = "actual_command" / 
 ></exec> it works, but only if I've entered my password for sudo  
recently... I can't enter the password for sudo through ant (I have to  
hit enter twice, then it says "Sorry, try again", at which point if I  
enter it again it *sometimes* works).

Resolving #1 would be ideal, and negate the need for resolving #2. I'm  
on Mac OS X (Leopard), if that matters.

Thanks in advance.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org

Re: ant and sudo

Posted by Steve Loughran <st...@apache.org>.

Hendrik Maryns wrote:
> Steve Loughran schreef:
>> The way we do root level access is to ssh in to localhost and run stuff
>> as root there. you can either set up the <ssh> command with the relevant
>> (property driven) password, 
> 
> How would I do that?  I need something similar for <signjar>.  Right now
> I use a plain password in the task, but that is just a temporary
> solution, of course.
> 

1. you have a property file in a subdirectory that only you can read; it 
is not under SCM. If you have an OS that can encrypt bits of the 
filesystem, encrypt that file.

Call it something like servers/ with the name of a specific server 
underneath, ideally the hostname: here is chamonix.properties

#property settings to upload to chamonix steve's desktop
ssh.enabled=true
ssh.server=chamonix
ssh.user=stevel
ssh.dir=public_html
ssh.keyfile=${user.home}/.ssh/chamonix.private
ssh.passphrase=
ssh.verbose=true
ssh.trust=true

2. You have a target that takes the server name as a property, and loads 
the given file

  <target name="load-server-settings" depends="init">
     <fail unless="server">
       Failed.
       Set the "server" property to the name of a server
       whose connection settings are in a property file under
       ${server.dir}.
     </fail>
     <property name="ssh.propfile"
         location="${server.dir}/${server}.properties"/>
     <loadproperties srcfile="${ssh.propfile}"/>
     <echo>
       SCP target is ${ssh.server}
       User is ${ssh.user}
       trust=${ssh.trust}
       keyfile=${ssh.keyfile}
     </echo>
     <presetdef name="ssh-remote">
       <sshexec host="${ssh.server}"
           username="${ssh.user}"
           passphrase="${ssh.passphrase}"
           trust="${ssh.trust}"
           timeout="6000000"
           keyfile="${ssh.keyfile}"
           />
     </presetdef>
   </target>

You can then use the scp command to upload files



     <scp remoteToDir="${ssh.path}"
         passphrase="${ssh.passphrase}"
         keyfile="${ssh.keyfile}"
         trust="${ssh.trust}"
         verbose="${ssh.verbose}">
       <fileset refid="upload.fileset"/>
     </scp>

or the <ssh-remote> presetdef to issue remote commands

   <target name="ssh-ls" depends="load-server-settings">
     <ssh-remote command="ls"/>
   </target>

To run against a server,

ant ssh-ls -Dserver=chamonix

What you must not do is stick passwords on the command line, as anyone 
else on a unix system can see those arguments via the ps command.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org

Re: ant and sudo

Posted by Hendrik Maryns <qw...@sneakemail.com>.

Steve Loughran schreef:
> The way we do root level access is to ssh in to localhost and run stuff
> as root there. you can either set up the <ssh> command with the relevant
> (property driven) password, 

How would I do that?  I need something similar for <signjar>.  Right now
I use a plain password in the task, but that is just a temporary
solution, of course.

H.
-- 
Hendrik Maryns
http://tcl.sfs.uni-tuebingen.de/~hendrik/
==================
Ask smart questions, get good answers:
http://www.catb.org/~esr/faqs/smart-questions.html

Re: ant and sudo

Posted by Steve Loughran <st...@apache.org>.

Tom Robinson wrote:
> I need to run an "exec" task with superuser privileges but I've run into 
> two problems with two different approaches:
> 
> 1) Running "sudo ant" doesn't give me access to my user environment 
> variables.
> 
> 2) If I do <exec executable = "sudo" ><arg value = "actual_command" 
> /></exec> it works, but only if I've entered my password for sudo 
> recently... I can't enter the password for sudo through ant (I have to 
> hit enter twice, then it says "Sorry, try again", at which point if I 
> enter it again it *sometimes* works).
> 
> Resolving #1 would be ideal, and negate the need for resolving #2. I'm 
> on Mac OS X (Leopard), if that matters.

The way we do root level access is to ssh in to localhost and run stuff 
as root there. you can either set up the <ssh> command with the relevant 
(property driven) password, or set up the ssh keys so that you can ssh 
in to root@localhost using keys alone.

-- 
Steve Loughran                  http://www.1060.org/blogxter/publish/5
Author: Ant in Action           http://antbook.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org