sshkit icon indicating copy to clipboard operation
sshkit copied to clipboard
verified publisher icon capistrano

ble`within` does not seem to respect `as`

Open cbowdon opened this issue 9 years ago • 3 comments

From the readme, within/as/with should be stackable. But this scenario, that does not work as expected:

require 'sshkit'
require 'sshkit/dsl'

include SSHKit::DSL

# Set up a directory that your user cannot enter
`sudo mkdir -p /tmp/only_root`
`sudo chmod og-rwx /tmp/only_root`

on :local do
  # But root should be able to enter it...
  as :root do
    within '/tmp/only_root' do
      execute :ls # --> Permission denied
    end
  end
end

It looks like within always runs as the user executing the script, which is unexpected. I would have thought that it's done as the user of the enclosing as. I've tried with the local and netssh backends and get the same results.

This is with SSHKit 1.11.3 and Ruby 2.3.1 on Centos 6.

cbowdon avatar Oct 06 '16 14:10 cbowdon

Thanks for the report. You're right, the within is always evaluated first. So if you need to become a different user to enter the directory, it will fail.

The reason for this is that the various DSL methods are executed in a fixed order:

within -> with -> as

This is always the order; the way that you nest them does not have any effect, which I agree is somewhat counterintuitive.

Changing SSHKit's behavior in this regard would be risky for us, because it would affect the commands that are executed for everyone that uses nesting. For now, I would encourage you to find a workaround.

I'll leave this issue open just in case it is something the maintainers want to tackle for a future backwards-incompatible version of SSHKit.

mattbrictson avatar Oct 06 '16 14:10 mattbrictson

Thanks for the prompt response and explanation. I misunderstood the README about them being nestable and stackable in any order as meaning they would also be evaluated in that order. I'm happy finding a workaround, but it would be nice to make the execution order explicit in the README. (Apologies if it is but I didn't find it.)

cbowdon avatar Oct 06 '16 21:10 cbowdon

FYI, the execution order in the code is specified here: https://github.com/capistrano/sshkit/blob/72a39a25302e320306f2d19d0397ad190a678260/lib/sshkit/command.rb#L191-L206

If someone wants to contribute a PR with an explanation for the README, please do!

mattbrictson avatar Oct 06 '16 21:10 mattbrictson