- From: Mike Mazur
- To:
- Subject: [chef] Re: Re: Re: Execute resource - keeping SSH_AUTH_SOCK environment variable
- Date: Wed, 5 Jan 2011 07:48:15 +0800
Hi,

On Wed, Jan 5, 2011 at 07:35, Joe Van Dyk wrote:
> On Tue, Jan 4, 2011 at 3:40 AM, Mike Mazur wrote:
> > On Tue, Jan 4, 2011 at 17:33, Joe Van Dyk wrote:
> >> If I'm logged on as user1 with my SSH_AUTH_SOCK environment variable
> >> set, and I run chef-solo which runs a command as user2, how can I have
> >> user2's command be able to access the SSH_AUTH_SOCK?
> >
> > The execute resource has an environment attribute:
> >
> > http://wiki.opscode.com/display/chef/Resources#Resources-Execute
> >
> > You could use it like this:
> >
> > execute "/path/to/some/command" do
> >   user "user2"
> >   environment ({"SSH_AUTH_SOCK" => ENV['SSH_AUTH_SOCK']})
> > end
>
> That doesn't seem to fix the permissions though, you'd have to have
> that user have access to both the directory the file is in and the
> file itself.

Ah yes, re-reading your email I realize you need access to the socket,
not just the value in the environment variable.

> Does ENV['SSH_AUTH_SOCK'] get evaluated when the recipe is actually
> running then?

I think you're right on that, too.

> I worked around it by chowning everything in "/tmp/ssh-*" to the user
> running the command, but that really is terrible.

How are you running this command as user2, with the "user 'user2'"
attribute in the execute resource? I wonder if prefixing your command
with 'sudo -u user2' would work better?

Mike
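
The point made in the thread, that user2 needs access to the directory holding the agent socket and to the socket itself rather than only the variable's value, can be checked from mode bits. This is an added Ruby example, not code from the thread or from Chef; the function names and the demo socket are constructed, and it assumes plain Unix permissions (ACLs are ignored).

```ruby
require 'socket'
require 'tmpdir'
require 'pathname'

# True if uid/gids hold the given permission bit (1 = search, 2 = write)
# on the stat'ed object, using owner/group/other class selection.
def mode_allows?(st, uid, gids, bit)
  return true if uid == 0                       # root bypasses mode bits
  shift = if st.uid == uid then 6
          elsif gids.include?(st.gid) then 3
          else 0
          end
  ((st.mode >> shift) & bit) != 0
end

# Lists every path component that stops uid from connecting to sock_path:
# each parent directory needs search (x), the socket itself needs write.
def agent_socket_blockers(sock_path, uid, gids)
  blockers = []
  Pathname.new(File.dirname(sock_path)).descend do |dir|
    blockers << dir.to_s unless mode_allows?(dir.stat, uid, gids, 0o1)
  end
  st = File.stat(sock_path)
  blockers << "#{sock_path} (not a socket)" unless st.socket?
  blockers << sock_path unless mode_allows?(st, uid, gids, 0o2)
  blockers
end

# Constructed stand-in for an agent socket: a 0700 temp directory holding
# a 0600 UNIX socket, owned by the current user. Removed when the block ends.
def with_demo_socket
  Dir.mktmpdir('ssh-demo') do |dir|
    sock = File.join(dir, 'agent.sock')
    server = UNIXServer.new(sock)
    File.chmod(0o600, sock)
    begin
      yield dir, sock
    ensure
      server.close
    end
  end
end

with_demo_socket do |_dir, sock|
  other_uid = Process.uid + 1                   # constructed "user2" uid
  puts "blocked for uid #{other_uid}:"
  puts agent_socket_blockers(sock, other_uid, [])
end
```

Run against the real `ENV['SSH_AUTH_SOCK']` with user2's uid and group ids, it shows which components would have to change before the variable is of any use to that user.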