Gem VersionBuild Status Maintainability Test Coverage

Ruby Sudo

Give Ruby objects superuser privileges.

Based on dRuby and sudo.

Only tested with MRI.

Usage

Your user must be allowed, in /etc/sudoers, to run ruby and kill commands as root.

A password may be required from the console, depending on the NOPASSWD options in /etc/sudoers.

Spawns a sudo-ed Ruby process running a DRb server. Communication is done via a Unix socket (and, of course, permissions are set to 0600).

No long-running daemons involved, everything is created on demand.

Access control is entirely delegated to sudo.

Application Code

Let's start with a trivial example:

require 'my_gem/my_class'
require 'sudo'

obj   = MyGem::MyClass.new

# Now, create a Sudo::Wrapper object:
sudo  = Sudo::Wrapper.new

# 'mygem/myclass' will be automatically required in the
# sudo DRb server

# Start the sudo-ed Ruby process:
sudo.start!
sudo[obj].my_instance_method
sudo[MyClass].my_class_method

# Call stop! when finished, otherwise, that will be done
# when the `sudo` object gets garbage-collected.
sudo.stop!

A convienient utility for working with sudo is to use the run method and pass it a block. Run will automatically start and stop the ruby sudo process around the block.

require 'fileutils'
require 'sudo'

Sudo::Wrapper.run do |sudo|
  sudo[FileUtils].mkdir_p '/ONLY/ROOT/CAN/DO/THAT'
end
# Sockets and processes are closed automatically when the block exits

Both Sudo::Wrapper.run and Sudo::Wrapper.new take the same named arguments: ruby_opts (default: '' ) and load_gems (default: true).

If you'd like to pass options to the sudo-spawned ruby process, pass them as a string to ruby_opts.

If you'd like to prevent the loading of gems currently loaded from the calling program, pass false to load_gems. This will give your sudo process a unmodifed environment. The only things required via the sudo process are 'drb/drb', 'fileutils', and of course 'sudo'.

Todo

sudo has a -A option to accept password via an external program (maybe graphical): support this feature.

Credits

Guido De Rosa (@gderosa).

See LICENSE.

Contributors

Dale Stevens (@voltechs)

Robert M. Koch (@threadmetal)

Wolfgang Teuber (@wteuber)

Other aknowledgements

Thanks to Tony Arcieri and Brian Candler for suggestions on ruby-talk.

Initially developed by G. D. while working at @vemarsas.

Contributing

  1. Fork it ( https://github.com/gderosa/rubysu/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request