I am running a python command that generates some code and checks out some commits using git. However an exception is raised when it tries to create the file .git/index.lock. Root owns the directory so I can't create any file without sudo.
I have tried running the command with sudo (sudo ./run.py ). This also didn't work because then it can't find my ssh key. Can I get around this without changing the ownership of .git, and without creating a root ssh key? Both of these things I do not want. I have seen similar questions like these but none of those answers works here.
fatal: Unable to create '/path/.git/index.lock': Permission denied
Traceback (most recent call last):
File "./run.py", line 155 in <module>
...
...
File "/usr/lib/python3.6/subprocess.py", line 418 in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['git', 'reset', '--hard', <hash>]' returned non-zero exist status 128.
You won't be able to perform any Git checkouts without permissions to write to the repository. However, if you want to use your SSH key, you can try running with sudo -E instead of plain sudo. That will ask sudo to preserve your home directory and any agent variables, which will let you use your SSH key.
Note that on some systems, the ability to preserve the environment is disabled or restricted, and consequently this won't work in those cases. In such an environment, you'd need to edit /etc/sudoers or use some other technique for credentials (such as a root-owned credential store and HTTPS).
Your have to clone git repository using http or https.
And execute below command:
git config —global credential.helper wincred
git fetch
First time it will ask for password and save it.
Next execution of git fetch it will not ask password.
Note: In case of password change you have to do same thing.
Related
I am working on a microservice for which have written the following script for a user, which wants to ssh into an remote environment and git clone a repo. I have specified the GIT_SSH and GIT_PYTHON_GIT_EXECUTABLE for the environment and then run git clone.
def clone_if_local_repo_absent(local_repo_path, remote_repo_url):
GIT_SSH = '...'
GIT_PYTHON_GIT_EXECUTABLE = '/usr/bin/git'
my_env = os.environ.copy()
my_env["GIT_SSH"] = GIT_SSH
my_env["GIT_PYTHON_GIT_EXECUTABLE"] = GIT_PYTHON_GIT_EXECUTABLE
# Clones to directory specified
exe_command = shlex.split('git clone {remote_repo_url} {repo_name}'.format(remote_repo_url=remote_repo_url, repo_name=local_repo_path))
subprocess.check_call(exe_command, env=my_env, shell=True)
On running the script, I get the error: Command '['git', 'clone', remote_repo_url, 'LOCAL']' returned non-zero exit status 127.
How can I fix this error?
As mentioned in Git ProBook:
GIT_SSH, if specified, is a program that is invoked instead of ssh when Git tries to connect to an SSH host.
It is invoked like $GIT_SSH [username#]host [-p <port>] <command>.
Note that this isn’t the easiest way to customize how ssh is invoked; it won’t support extra command-line parameters, so you’d have to write a wrapper script and set GIT_SSH to point to it.
It’s probably easier just to use the ~/.ssh/config file for that.
SO this is not executed on the remote side at all. It is executed to connect to the remote server.
If Git is not installed on the remote environment, any git clone executed from the ssh session would not work.
I'm trying to execute the following command in Python:
shutil.rmtree('/var/www')
but that gives me the following error:
PermissionError: [Errno 13] Permission denied: '/var/www'
I've tried executing this command before that command to change permissions on the directory
subprocess.call(['sudo', 'chmod', '-R', '777', '/var/www'])
Which I guess is working because it asks me for my sudo password and doesn't throw an error, however when I then reach the rmtree command it still throws a
Permission denied: '/var/www'
What am I doing wrong? Also I need this to work without asking for my sudo password during execution. Is there a way to put my password into the Python script?
Thanks
You need to check the group ownership of that directory, make sure that your username is added to this group which has write permissions to all files in the path:
chmod -R g+w /var/www/
As for the second pat of your question, sudo can read the password from the standard input using the -S flag which can be included in your script. Here's an example:
$ echo "password" | sudo -S <command>
A quick look at the man sudo page:
-S, --stdin
Write the prompt to the standard error and read the password from the
standard input instead of using the terminal device. The password must
be followed by a newline character.
Another way of doing that (which needs to be added to your script as well):
sudo -S <<< "password" command
Another approach is to disable password prompt by editing the sudoers file using the visudo command and add the following line:
username ALL=(ALL) NOPASSWD: ALL
The above line will allow username to run all commands (the last ALL) under any users without prompting for a password.
A secure and more restricted way of doing that is to use:
username ALL=(ALL) NOPASSWD: /usr/bin/python myscript.py
This time, we have limited the username for that type of execution but for a single command /usr/bin/python myscript.py.
I'd also prefer checking the permissions carefully and testing these commands directly from the shell before using it in your python script. It could save you a lot of time of troubleshooting.
I had to push an .exe file to heroku to be able to create invoice pdfs. It works localy without any problems but on heroku I get an error:
OSError: [Errno 13] Permission denied
Probably because I am not allowed to execute .exe files. So I need somehow to create a rule that this file is allowed to execute.
I pushed wkhtmltopdf.exe to heroku and I access this file in my method to create a pdf:
MYDIR = os.path.dirname(__file__)
path_wkthmltopdf = os.path.join(MYDIR + "/static/executables/", "wkhtmltopdf.exe")
config = pdfkit.configuration(wkhtmltopdf=path_wkthmltopdf)
Was not able to find a solution yet.
EDIT:
Tryed giving permission with chmod through heroku bash and also adding a linux executable but still the same error:
~/static/executables $ chmod a+x wkhtmltopdf-linux.exe
~ $ chmod a+x static/executables/wkhtmltopdf-linux.exe
Using sudo gave me:
bash: sudo: command not found
I'm not very familiar with heroku, but if you can somehow get access to terminal of environment of your application (for example ssh to your server), you need to change permissions of that file so it can be executed. To do that, you need to run in that terminal:
sudo chmod a+x /path/to/file/FILENAME
Also,i'm pretty sure your app on Heroku runs on Linux, specifically on Ubuntu, since it's the default (link)
It means there might be difficulties with running Windows executables.
Okay I managed to fix this with a buildpack. In addition wkhtmltopdf-pack must be installed and added to the requirements.txt.
Then you have to set a config var in heroku for the wkhtmltopdf executable which will be generated from the files provided in the buildpack. Do not search for an .exe file.
heroku config:set WKHTMLTOPDF_BINARY=wkhtmltopdf-pack
You can see all your config vars also in the heroku dashboard under settings, you can also create it there and not use the CLI.
Then you have to tell the pdfkit configuration where to find the WKHTMLTOPDF_BINARY:
In my config.py:
import subprocess
WKHTMLTOPDF_CMD = subprocess.Popen(
['which', os.environ.get('WKHTMLTOPDF_BINARY', 'wkhtmltopdf')], # Note we default to 'wkhtmltopdf' as the binary name
stdout=subprocess.PIPE).communicate()[0].strip()
For the pdfkit configuration:
config = pdfkit.configuration(wkhtmltopdf=app.config['WKHTMLTOPDF_CMD'])
Now you should be able to create the pdf, example:
the_pdf = pdfkit.from_string("something", False, configuration=config)
Credit to this tutorial:
https://artandlogic.com/2016/12/generating-pdfs-wkhtmltopdf-heroku/
my server having a python script file whose user and group is root and i want this file to be executed by all user as sudo without password.
for this i have added this is in /etc/sudoers
username ALL=(ALL) NOPASSWD: /path/to/file.py
but when execute from other user accept root still prompt for password
i execute file like this
sudo python /path/to/file.py
please help me
In sudoers, the command /path/to/file.py is specified, not python.
Execute the command as follow:
sudo /path/to/file.py
NOTE: Make sure the /path/to/file.py is an executable (have proper permission set, containing shebang line (#!/usr/bin/python ...))
I'm trying to prefill env.password using --initial-password-prompt, but remote is throwing back some strangeness. Let's say that I'm trying to cat a root-owned file as testuser, with 600 permissions on the file. I'm calling sudo('cat /home/testuser/test.txt'), and getting this back:
[testuser#testserver] sudo: cat /home/testuser/test.txt
[testuser#testserver] out: cat: /home/testuser/test.txt: Permission denied
[testuser#testserver] out:
Fatal error: sudo() received nonzero return code 1 while executing!
Requested: cat /home/testuser/test.txt
Executed: sudo -S -p 'sudo password:' -u "testuser" /bin/bash -l -c "cat /home/testuser/test.txt"
Is that piping the prompt right back into the input? I tried using sudo() with pty=False to see if it was an issue with the pseudoterminal, but to no avail.
Here's the weird part: calling run('sudo cat /home/testuser/test.txt') and invoking fab without --initial-password-prompt passes back a password prompt from remote, and on entering the password, everything works fine.
Naturally, running ssh -t testuser#testserver 'sudo cat /home/user/test.txt' prompts for a password and returns the contents of the file correctly. Do I have an issue with my server's shell config, or is the issue with how I'm using sudo()?
Down the line, I'm likely to set up a deploy user with no-password sudo and restricted commands. That'll probably moot the issue, but I'd like to figure this one out if possible. I'm running an Ubuntu 14.10 VPS, in case that's relevant.
Oh, my mistake. I had foolishly set env.sudo_user to my deploy user testuser, thinking that it was specifying the invoking user on remote. In fact, it was specifying the target user, and I was attempting to sudo into myself. Whoops.