rubysu's Introduction

Ruby Sudo

Give Ruby objects superuser privileges.

Based on dRuby and sudo.

Only tested with MRI.

Usage

Your user must be allowed, in /etc/sudoers, to run ruby and kill commands as root.

A password may be required from the console, depending on the NOPASSWD options in /etc/sudoers.

Spawns a sudo-ed Ruby process running a DRb server. Communication is done via a Unix socket (and, of course, permissions are set to 0600).

No long-running daemons involved, everything is created on demand.

Access control is entirely delegated to sudo.

Application Code

Let's start with a trivial example:

require 'my_gem/my_class'
require 'sudo'

obj   = MyGem::MyClass.new

# Now, create a Sudo::Wrapper object:
sudo  = Sudo::Wrapper.new

# 'mygem/myclass' will be automatically required in the
# sudo DRb server

# Start the sudo-ed Ruby process:
sudo.start!
sudo[obj].my_instance_method
sudo[MyClass].my_class_method

# Call stop! when finished, otherwise, that will be done
# when the `sudo` object gets garbage-collected.
sudo.stop!

A convienient utility for working with sudo is to use the run method and pass it a block. Run will automatically start and stop the ruby sudo process around the block.

require 'fileutils'
require 'sudo'

Sudo::Wrapper.run do |sudo|
  sudo[FileUtils].mkdir_p '/ONLY/ROOT/CAN/DO/THAT'
end
# Sockets and processes are closed automatically when the block exits

Both Sudo::Wrapper.run and Sudo::Wrapper.new take the same named arguments: ruby_opts (default: '' ) and load_gems (default: true).

If you'd like to pass options to the sudo-spawned ruby process, pass them as a string to ruby_opts.

If you'd like to prevent the loading of gems currently loaded from the calling program, pass false to load_gems. This will give your sudo process a unmodifed environment. The only things required via the sudo process are 'drb/drb', 'fileutils', and of course 'sudo'.

Todo

sudo has a -A option to accept password via an external program (maybe graphical): support this feature.

Credits

Author and Copyright

Guido De Rosa (@gderosa).

See LICENSE.

Contributors

Dale Stevens (@voltechs)

Robert M. Koch (@threadmetal)

Wolfgang Teuber (@wteuber)

Other aknowledgements

Thanks to Tony Arcieri and Brian Candler for suggestions on ruby-talk.

Initially developed by G. D. while working at @vemarsas.

Contributing

Fork it ( https://github.com/gderosa/rubysu/fork )
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create a new Pull Request

rubysu's People

Contributors

Stargazers

Watchers

rubysu's Issues

Introduce `develop` branch

@gderosa how do you feel about introducing a develop branch to the repo?

dsl is utterly fragile

Net::HTTP inherited loading bug

When the parent script loads the net/http library, the Sudo::Wrapper appears to improperly inherit this dependency, and throws the following error upon start!:

(drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/net/http/requests.rb:8:in `<top (required)>': uninitialized constant Net::HTTP (NameError)
Did you mean?  Net::HTTPNotImplemented
               Net::HTTPMultipleChoice
[... lots more ...]
               Net::HTTP [Ironically]
	from (drbunix:/tmp/rubysu-26896-76952480) ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/proxy.rb:17:in `require'
	from (drbunix:/tmp/rubysu-26896-76952480) ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/proxy.rb:17:in `proxy'
	from (drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/drb/drb.rb:1624:in `perform_without_block'
	from (drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/drb/drb.rb:1584:in `perform'
	from (drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/drb/drb.rb:1657:in `block (2 levels) in main_loop'
	from (drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/drb/drb.rb:1653:in `loop'
	from (drbunix:/tmp/rubysu-26896-76952480) /usr/lib/ruby/2.3.0/drb/drb.rb:1653:in `block in main_loop'
	from ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/wrapper.rb:90:in `block in load_features'
	from ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/wrapper.rb:89:in `each'
	from ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/wrapper.rb:89:in `load_features'
	from ~/.gem/ruby/2.3.0/gems/sudo-0.1.1/lib/sudo/wrapper.rb:79:in `start!'

A workaround is to explicitly load net/http like this:

Sudo::Wrapper.run('-rnet/http')

It appears that the problem is because Sudo is loading net/http/requests.rb before net/http.rb.

Recommend Projects

twilightcoders / rubysu Goto Github PK

rubysu's Introduction

Ruby Sudo

Usage

Application Code

Todo

Credits

Author and Copyright

Contributors

Other aknowledgements

Contributing

rubysu's People

Contributors

Stargazers

Watchers

Forkers

rubysu's Issues

Recommend Projects

Recommend Topics

Recommend Org