Initial POC

Works fine so long as the GID of the sudo_user matches the GID of the user executing sudo -- i.e., the 'user' setting in the roster.
2025-04-17 10:10:20 +00:00 · 2016-08-05 02:33:01 +09:00 · 2016-08-05 02:33:01 +09:00 · ae04e7aaeb
commit ae04e7aaeb
parent 4967ed275f
3 changed files with 16 additions and 3 deletions
--- a/salt/client/ssh/init.py
+++ b/salt/client/ssh/init.py
@ -126,6 +126,9 @@ SUDO=""
 if [ -n "{{SUDO}}" ]
 then SUDO="sudo "
 fi
+if [ "$SUDO" ]
+then SUDO="sudo -u {{SUDO_USER}}"
+fi
 EX_PYTHON_INVALID={EX_THIN_PYTHON_INVALID}
 PYTHON_CMDS="python27 python2.7 python26 python2.6 python2 python"
 for py_cmd in $PYTHON_CMDS
@ -229,6 +232,10 @@ class SSH(object):
                'ssh_sudo',
                salt.config.DEFAULT_MASTER_OPTS['ssh_sudo']
            ),
+            'sudo_user': self.opts.get(
+                'ssh_sudo_user',
+                salt.config.DEFAULT_MASTER_OPTS['ssh_sudo_user']
+            ),
            'identities_only': self.opts.get(
                'ssh_identities_only',
                salt.config.DEFAULT_MASTER_OPTS['ssh_identities_only']
@ -609,6 +616,7 @@ class Single(object):
            mine=False,
            minion_opts=None,
            identities_only=False,
+            sudo_user=None,
            **kwargs):
        # Get mine setting and mine_functions if defined in kwargs (from roster)
        self.mine = mine
@ -656,7 +664,8 @@ class Single(object):
                'sudo': sudo,
                'tty': tty,
                'mods': self.mods,
-                'identities_only': identities_only}
+                'identities_only': identities_only,
+                'sudo_user': sudo_user}
        self.minion_opts = opts.get('ssh_minion_opts', {})
        if minion_opts is not None:
            self.minion_opts.update(minion_opts)
@ -889,6 +898,7 @@ class Single(object):
        Prepare the command string
        '''
        sudo = 'sudo' if self.target['sudo'] else ''
+        sudo_user = self.target['sudo_user']
        if '_caller_cachedir' in self.opts:
            cachedir = self.opts['_caller_cachedir']
        else:
@ -927,10 +937,10 @@ ARGS = {10}\n'''.format(self.minion_config,
                         self.argv)
        py_code = SSH_PY_SHIM.replace('#%%OPTS', arg_str)
        py_code_enc = py_code.encode('base64')
-
        cmd = SSH_SH_SHIM.format(
            DEBUG=debug,
            SUDO=sudo,
+            SUDO_USER=sudo_user,
            SSH_PY_CODE=py_code_enc,
            HOST_PY_MAJOR=sys.version_info[0],
        )
--- a/salt/client/ssh/shell.py
+++ b/salt/client/ssh/shell.py
@ -58,7 +58,8 @@ class Shell(object):
            sudo=False,
            tty=False,
            mods=None,
-            identities_only=False):
+            identities_only=False,
+            sudo_user=None):
        self.opts = opts
        self.host = host
        self.user = user
--- a/salt/config.py
+++ b/salt/config.py
@ -705,6 +705,7 @@ VALID_OPTS = {
    'ssh_passwd': str,
    'ssh_port': str,
    'ssh_sudo': bool,
+    'ssh_sudo_user': str,
    'ssh_timeout': float,
    'ssh_user': str,
    'ssh_scan_ports': str,
@ -1200,6 +1201,7 @@ DEFAULT_MASTER_OPTS = {
    'ssh_passwd': '',
    'ssh_port': '22',
    'ssh_sudo': False,
+    'ssh_sudo_user': '',
    'ssh_timeout': 60,
    'ssh_user': 'root',
    'ssh_scan_ports': '22',