Use Fabric to execute commands in a restricted shell

Question

I've the following fabfile:

from fabric.api import * 

env.hosts = ['samplehost']
env.user = 'foo'
env.password = 'bar'
env.shell = ''

def exec_ls():
    run('ls')
    run('ls -l')

and I get the following output:

[samplehost] Executing task 'exec_ls'
[samplehost] run: ls
[samplehost] out: sample.txt

[samplehost] run: ls -l
[samplehost] out: rbash: ls -l: command not found

Fatal error: run() encountered an error (return code 127) while executing 'ls -l'

Aborting.
Disconnecting from samplehost... done.

The login shell for user 'foo' is '/bin/rbash'.

It seems that if I execute a command with parameters it is treated as a single command (while 'ls' without parameters works perfectly).

Please note that I've put an empty shell because otherwise Fabric tries to use '/bin/bash' and that's not allowed by he restricted shell.

Is it possible to use Fabric in a restricted shell?

Answer 1

In my environment, using a restricted shell as part of a Pure array, it appears an option would be to pass the argument shell=False to the run function.

Answer 2

-Check the environment of the target-machine with

echo $SHELL

.Hypothetically you get this:

/bin/sh

-Then in your python fabfile.py:

from fabric.api import env

env.shell = "/bin/sh -c"

Answer 3

The problem isn't related to the fact that rbash is being used, but to the the empty value of env.shell. To fix that problem use:

env.shell = '/bin/rbash -l -c'

Note that:

• the default value for env.shell is /bin/bash -l -c, so using /bin/rbash -l -c makes sense
• when env.shell is set to the empty string, the command isn't executed through any shell
• the shell is the one that takes care of splitting long strings into commands and arguments, without the shell all the string is interpreted as a single command that isn't going to be found as it was happening