Ruby Sudo
Give Ruby objects superuser privileges.
Only tested with MRI.
Usage
Your user must be allowed, in /etc/sudoers, to run ruby and kill commands as root. Because ruby can execute arbitrary code, such a rule is equivalent to giving that user full root access.
A password may be required from the console, depending on the NOPASSWD options in /etc/sudoers.
Spawns a sudo-ed Ruby process running a DRb server. Communication is done via a Unix socket (and, of course, permissions are set to 0600).
No long-running daemons involved, everything is created on demand.
Access control is entirely delegated to sudo.
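The transport described above, reduced to plain DRb over a 0600 Unix socket, as an added example that is not the gem's own code. It runs without sudo, so the forked server shares the caller's uid; DemoFront, private_socket? and run_demo are hypothetical names, and the ownership check is an assumption of this demo.

```ruby
require 'drb/drb'
require 'drb/unix'
require 'tmpdir'

# Hypothetical front object (assumption); the gem exposes its own proxy.
class DemoFront
  def ids
    [Process.pid, Process.euid] # euid is 0 when the server runs under sudo
  end
end

# True only if the path is a socket we own with no group/other access.
def private_socket?(path)
  st = File.stat(path)
  st.socket? && st.owned? && (st.mode & 0o077).zero?
end

def run_demo
  Dir.mktmpdir('drb-demo') do |dir| # mktmpdir creates the directory 0700
    path = File.join(dir, 'front.sock')
    uri = "drbunix:#{path}"
    ready_r, ready_w = IO.pipe
    pid = fork do # separate server process, as in the gem's design
      ready_r.close
      trap('TERM') { exit!(0) }
      File.umask(0o077) # socket is never group/world accessible, even before chmod
      DRb.start_service(uri, DemoFront.new)
      File.chmod(0o600, path)
      ready_w.write('1')
      ready_w.close
      DRb.thread.join
    end
    ready_w.close
    raise 'server failed to start' unless ready_r.read(1)
    begin
      raise "refusing #{path}: not private" unless private_socket?(path)
      remote_pid, remote_euid = DRbObject.new_with_uri(uri).ids
      { mode: File.stat(path).mode & 0o777,
        remote_pid: remote_pid, remote_euid: remote_euid }
    ensure
      Process.kill('TERM', pid)
      Process.wait(pid)
    end
  end
end

p run_demo if $PROGRAM_NAME == __FILE__
```

The remote pid differs from the caller's, which shows the call crossed the socket rather than being served in-process.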
Application Code
Let's start with a trivial example:
require 'my_gem/my_class'
require 'sudo'
obj = MyGem::MyClass.new
# Now, create a Sudo::Wrapper object:
sudo = Sudo::Wrapper.new
# 'my_gem/my_class' will be automatically required in the
# sudo DRb server
# Start the sudo-ed Ruby process:
sudo.start!
sudo[obj].my_instance_method
sudo[MyGem::MyClass].my_class_method
# Call stop! when finished, otherwise, that will be done
# when the `sudo` object gets garbage-collected.
sudo.stop!
A convenient way to work with sudo is to call the run method and pass it a block.
run will automatically start and stop the Ruby sudo process around the block.
require 'fileutils'
require 'sudo'
Sudo::Wrapper.run do |sudo|
  sudo[FileUtils].mkdir_p '/ONLY/ROOT/CAN/DO/THAT'
end
# Sockets and processes are closed automatically when the block exits
Both Sudo::Wrapper.run and Sudo::Wrapper.new take the same named arguments: ruby_opts (default: '') and load_gems (default: true).
If you'd like to pass options to the sudo-spawned ruby process, pass them as a string to ruby_opts.
If you'd like to prevent the loading of gems currently loaded from the calling program, pass false to load_gems. This will give your sudo process an unmodified environment. The only things required via the sudo process are 'drb/drb', 'fileutils', and of course 'sudo'.
Todo
sudo has a -A option to accept password via an external program (maybe graphical): support this feature.
Credits
Author and Copyright
Guido De Rosa (@gderosa).
See LICENSE.
Contributors
Dale Stevens (@voltechs)
Robert M. Koch (@threadmetal)
Wolfgang Teuber (@wteuber)
Other acknowledgements
Thanks to Tony Arcieri and Brian Candler for suggestions on ruby-talk.
Initially developed by G. D. while working at @vemarsas.
Contributing
- Fork it ( https://github.com/gderosa/rubysu/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request