从 Python 运行的 bash 脚本达到 sudo 超时
[英]bash script that is run from Python reaches sudo timeout
问题描述
This is a long bash script (400+ lines ) that is originally invoked from a django app like so -
这是一个很长的 bash 脚本(400+ 行),最初是从 django 应用程序调用的,如下所示 -
os.system('./bash_script.sh &> bash_log.log')
It stops on a random command in the script.它在脚本中的随机命令上停止。 If the order of commands is changed, it hangs on another command in approx.如果命令的顺序发生变化,它会挂在大约另一个命令上。 the same location.同一个位置。
ssh ing to the machine that runs the django app, and running sudo./bash_script.sh , asks for a password and then runs all the way. ssh连接到运行 django 应用程序并运行sudo./bash_script.sh的机器,要求输入密码,然后一直运行。
I can't see the message it presents when it hangs in the log file, couldn't make it redirect there.当它挂在日志文件中时,我看不到它显示的消息,无法让它重定向到那里。 I assume it's a sudo password request.我认为这是一个 sudo 密码请求。
Tried -试过 -
-
sudo -vin the script - didn't help.脚本中的sudo -v- 没有帮助。 -
sshto the machine and manually extend the sudo timeout in/etc/sudoers- didnt help, I think since the django app is already in the air and uses the previos timeout.ssh到机器并手动延长/etc/sudoers中的 sudo 超时 - 没有帮助,我认为因为 django 应用程序已经在空中并使用 previos 超时。 - splitting the script in two, and running one in separate thread, like so -将脚本一分为二,并在单独的线程中运行一个,就像这样 -
def basher(command, log_path):
with open(log_path) as log:
Popen(command, stdout=log, stderr=log).wait()
script_thread = Thread(target=basher, args=('bash_script_pt1.sh', 'bash_log_pt1.log'))
script_thread.start()
os.system('./bash_script_pt2.sh &> bash_log_pt2.log') # I know it's deprecated, not sure if maybe it's better in this case
script_thread.join()
The logs showed that part 1 ended ok, but part 2 still hangs, albeit later in the code than when they were together.日志显示第 1 部分结束正常,但第 2 部分仍然挂起,尽管在代码中比它们在一起时晚。
I thought to edit /etc/sudoers from inside the Python code, and then re-login via su - user .我想从 Python 代码中编辑/etc/sudoers ,然后通过su - user重新登录。 There are snippets of how to pass the password using pty , however I don't understand the mechanics of it and could not get it to work.有一些关于如何使用pty传递密码的片段,但是我不了解它的机制,也无法让它工作。
I also noted that ps aux | grep bash_script.sh我还注意到ps aux | grep bash_script.sh ps aux | grep bash_script.sh shows that the script is being run twice. ps aux | grep bash_script.sh显示脚本正在运行两次。 As -作为 -
/bin/bash bash_script.sh
and as并作为
sh -c bash_script.sh . sh -c bash_script.sh 。
I assume os.system has an internal shell=True going on.我假设os.system有一个内部shell=True正在进行。
I don't understand the Linux entities/mechanics in play to figure out what's happening.我不明白 Linux 实体/机制在起作用以弄清楚发生了什么。
1 个解决方案
解决方案1
0 2022-08-15 20:19:53
My guess is that the django app has different and more limited permissions, than the script itself does, and the script is inheriting said restrictions because it is being executed by it.我的猜测是 django 应用程序与脚本本身相比具有不同且更有限的权限,并且脚本继承了上述限制,因为它正在由它执行。
You need to find out what permissions the script has when you run it just from bash, and what it has when you run it via django, and then figure out what the difference is.您需要找出仅从 bash 运行脚本时的权限,以及通过 django 运行时的权限,然后弄清楚有什么区别。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.