问题
I want connect to my Ubuntu server using a service account but perform file transfer operations on behalf of another user. My sshd_config has the following content (among other stuff):
PubKeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
I have tried the following code but without any success:
t = paramiko.Transport(('<address>', <port>))
t.connect(username='serviceAccount', password='<password>')
channel = t.open_session()
channel.exec_command('sudo su -l <other user> -c /usr/lib/openssh/sftp-server')
sftp = t.open_sftp_client()
file = sftp.file("<some path>", "w", bufsize=...)
file.write(...)
file.close()
sftp.close()
channel.close()
t.close()
This is the error I see when I run this code:
IOError: [Errno 13] Permission denied
回答1:
First, automating su or sudo is not the correct solution.
The correct solution is to login directly with the account you need to use.
Anyway, open_sftp_client and exec_command run on two different SSH channels. So your code cannot work, as the sftp operates on non-elevated session, that's not affected by the exec_command at all.
There's no explicit support for running SFTP with su in Paramiko (as that approach is wrong and hardly standardized).
You would have to implement an alternative to SFTPClient.from_transport that will call your exec_command instead of invoke_subsystem.
来源:https://stackoverflow.com/questions/50035927/running-an-sftp-operation-as-a-different-user-via-python-paramiko