2
import os, sys, time

servers = ['dev','admin','db1']
for s in servers:
    cmd = 'scp /etc/hosts regular_user@%s:/etc/hosts' % s
    print cmd
    os.system(cmd)

I have written this script to copy my current HOSTS file to all my other servers. However, I would like to do this from a regular user, not ROOT.

Since over-writing /etc/hosts takes root privelages, I would like to do SUDO. How can I put sudo inside that script?

This won't work, because it is permission denied to change /etc/hosts file.

cmd = 'sudo scp /etc/hosts regular_user@%s:/etc/hosts' % s
Alex
  • 8,471
  • 26
  • 75
  • 99

5 Answers5

6

cat /etc/hosts | ssh otherhost "sudo sh -c 'cat >/etc/hosts'" will do the trick.

Jim Zajkowski
  • 1,604
  • 12
  • 11
  • `< /etc/hosts ssh otherhost "sudo tee /etc/hosts > /dev/null"` - otherwise you get the "Useless use of `sh` award" – user1686 Nov 01 '09 at 11:51
  • At least I'll understand my command line when I read it again in six months. Using `tee` to avoid a call to `sh` is certainly a candidate for "Obfuscated Command Line" or "Confusing Use of Side Effect." `tee` was made to watch the output of a command while logging the results, not as a replacement for redirection. – Jim Zajkowski Nov 01 '09 at 21:40
1

You need to do the sudo on the remote host instead of locally. Obviously for this to work, your account on the remote host will need sudo permissions to run the relevant copy command. It would look something like this:

cmd = 'scp /etc/hosts regular_user@%s:/tmp/hosts' % s
os.system(cmd)
cmd = 'ssh regular_user@%s sudo cp /tmp/hosts /etc/hosts' % s
os.system(cmd)

You might find using a framework like fabric or a configuration management system like cfengine or puppet to be a better long term choice...

easel
  • 2,239
  • 2
  • 12
  • 4
1

This is easily done using Paramiko (the native Python SSH client) rather than calling the ssh command.

  • Use Paramiko to scp the file to /tmp on the remoteserver
  • Use Paramiko to run 'sudo cp /tmp/hosts /etc/hosts' on the remove server.

There are many examples of Paramiko being used for scp, and to run commands with sudo, available on the web.

mikemaccana
  • 3,370
  • 5
  • 25
  • 29
0

What you probably want to do is turn on the suid bit on this file which should be owned by root. Then whenever a non-privileged user runs the script it will be running as superuser

ennuikiller
  • 838
  • 8
  • 8
0

The trouble here is that you are trying to copy a file to a remote server as a non-privileged user (using your login credentials with the scp command).

In order to take advantage of sudo on the remote computer, you'd have to execute a command there to initiate the transfer. It might look something like this:

ssh regular_user@remote.computer sudo scp myuser@local.computer:/etc/hosts /etc/hosts

This essentially logs you into the remote computer as a regular user, then issues the sudo command to copy the file from your local computer to the remote one. The scp logic will look a little backwards, since it is being executed form the perspective of the remote host.

You might have to do some work to get ssh to accept passwords form your script, though. Especially since you are logging into a remote computer and telling it to log back into your local computer.

jheddings
  • 131
  • 3