Discussion:
[Fab-user] fabric cannot get root readonly directory with sudo
cruxpot
2016-02-09 20:34:33 UTC
This is with fabric 1.10.2-1 on a Debian Linux platform. When I do a get
operation as a sudo user with root privs, I can get a single file that is root
read-only such as /etc/shadow. I can also get world-readable directories
that are world readable. However, if I try to retrieve an entire directory
that is root read-only, I get a null result returned from get.

Here is the line of code that causes the issue. I have tried this with both
temp_dir set to a /tmp/subdir and not setting temp_dir at all.

    getresult = get(remote_path=self.getfile,
                    local_path=os.path.join(self.output_path, subdir),
                    use_sudo=True,
                    temp_dir=self.dirname)

values:
localpath: './folder' , remotepath: '/root', temp_dir: '/tmp/DkoK8aMM'

returned getresult value: '[]'

If I retrieve folder /root/* with the glob instead, I get this error:
Fatal error: get() encountered an exception while downloading '/root/*'

Underlying exception:
Permission denied

This only happens on root read-only directories and I am positive my sudo
is set up correctly as I can run remote commands such as 'id' and I see it
is as root. The user is in the wheel group, and like I said I can get root
read-only single files without an issue; only directories are problematic.


Is this a bug? I suppose I could do a workaround by copying files manually
to a tmp directory and then doing a chown and getting them but I thought
the temp_dir option was supposed to do this for me.
Robin Kåveland Hansen
2016-02-10 07:37:14 UTC
I’m pretty sure this must be a bug, yeah. I looked quickly over the code; it looks like the glob is causing a `listdir` call to be run without sufficient privileges, which is probably why you’re getting the permission denied. I’d guess this is also what happens when you try to `get` the directory itself (this is swallowed by fabric inside a `ftp.walk` function).

I’ll comment what I found on your GitHub issue. For now, I suggest you try the workaround as I don’t know when this can be investigated further in fabric.
_______________________________________________
Fab-user mailing list
Fab-***@nongnu.org
https://lists.nongnu.org/mailman/listinfo/fab-user
-- 
Kind regards,
Robin Kåveland Hansen
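The workaround discussed in this thread (stage a copy that the login user can read, then `get` it), as an added example that is not part of the original posts or Fabric's own code. It assumes Fabric 1.x's `run`, `sudo`, `get` and `env.user`, plus `mktemp` and `tar` on the remote host; `staging_commands` and `sudo_get_dir` are hypothetical names.

```python
try:
    from shlex import quote   # Python 3 (e.g. a Fabric 1.x-compatible fork)
except ImportError:
    from pipes import quote   # Python 2, where Fabric 1.x normally runs


def staging_commands(remote_dir, staging_dir, login_user):
    """Build the root-side commands that stage remote_dir as one archive.

    Returns (archive_path, commands). Every path is shell-quoted, so a
    directory name containing spaces or ';' cannot alter the command.
    """
    archive = staging_dir.rstrip("/") + "/staged.tar.gz"
    commands = [
        # umask 077: the archive is created 0600, so the staged copy of a
        # root-only directory is never readable by other local users.
        "umask 077 && tar -C %s -czf %s ." % (quote(remote_dir), quote(archive)),
        # Hand only the archive to the login user so SFTP can read it.
        "chown -- %s %s" % (quote(login_user), quote(archive)),
    ]
    return archive, commands


def sudo_get_dir(remote_dir, local_path):
    """Fetch a root-only remote directory as a tarball (hypothetical helper)."""
    # Imported lazily so the command builder above can be used without Fabric.
    from fabric.api import env, get, run, sudo

    # mktemp -d creates a 0700 directory owned by the login user.
    staging_dir = str(run("mktemp -d")).strip()
    archive, commands = staging_commands(remote_dir, staging_dir, env.user)
    try:
        for command in commands:
            sudo(command)  # the directory is listed and read as root here
        # A single file, so get() does not need to list a directory over SFTP.
        return get(remote_path=archive, local_path=local_path)
    finally:
        # Always remove the staged copy, even if the download fails.
        run("rm -rf -- %s" % quote(staging_dir))
```

Inside a Fabric task, `sudo_get_dir('/root', './folder')` downloads `staged.tar.gz` into `./folder`; unpack it locally to obtain the directory contents.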
cruxpot
2016-02-10 15:11:36 UTC
Thanks for confirming. I will proceed with a workaround. Do you have an
expected 2.0 release date?
Robin Kåveland Hansen
2016-02-10 19:59:13 UTC
I don’t know when 2.0 hits the street — bitprophet (the maintainer) is currently focusing on making invoke ready to support fabric 2.0.

--
Kind regards,
Robin Kåveland Hansen
cruxpot
2016-02-11 05:59:27 UTC
You guys who have developed fabric have done an outstanding job. I love the
library and it has greatly improved automating important operations. Hope
2.0 is released in the near future. I am looking forward to it.