[gull] ssh -> sudo

Cédric BRINER ced at infomaniak.com
Fri Dec 2 20:42:19 CET 2022


Salut à tous,

Je m'étais permis de contacter directement l'auteur de la vidéo et du 
document d'usage de Bash.

Et aussi incroyable qu'il le paraît, il s'est fendu d'une belle réponse 
en anglais que je vous mets ci-dessus.

Bonne lecture.

cED

-- %< -- %< -- %< -- %< -- %< -- %< -- %< -- %< -- %< -- %< -- %< --

Salut Cédric,

I usually like to wrap everything in functions and use declare to bring 
functions and parameters into a new session, especially for anything 
non-trivial.  Your solution of using bash -c with single quotes inside a 
double quote does indeed allow for expansion and for the function to be 
defined inside the root shell, however, it may break if you have single 
quoted elements inside your function or elsewhere in the code you need 
to run.  A safer / more generally applicable method is to do almost the 
same thing but using declare again for each level of session nesting:

ssh external_node "$(declare -f my_function); sudo bash -c "'"$(declare 
-f my_function); my_function"'

Notice the sequence of moving from locally double quoted to locally 
single quoted for the argument to SSH (with no spaces between different 
quoted elements, they all are glued together as one argument), then we 
still need to double quote inside the local single quotes so that 
remotely sudo bash -c gets run with a double quoted argument with the 
declare expansion.  This works, but is a little bit difficult to look 
at; a more elegant solution is to wrap all the remote sudo stuff in its 
own function and just call that:

my_sudo_function () { sudo bash -c "$(declare -f my_function); 
my_function"; }

ssh external_node "$(declare -f my_function my_sudo_function); 
my_sudo_function"

This should produce the same result as above, but looks nicer and is 
more robust / extendable for more complex situations.  Notice that you 
need to make sure both functions are declared in the remote session, so 
that the my_function can be re-declared from the remote user session 
into the remote sudo session.

In my experience, at least so far, double quoted command substitutions 
with declare -f/-p have always faithfully reproduced my functions and 
parameters, no matter the characters and quoting I've used inside them; 
I don't think I would have enough hair to pull out from the frustration 
that would ensue from trying to manually double / single / ansi c quote 
($') complex, nested elements.

Hope that helps!  Thanks for your kind words about my talk, I always 
enjoyed presenting and hoped others would appreciate my focus on the 
Bash shell itself, as I found many other Bash presentations to focus 
primarily on general *nix command line utilities rather than making the 
most of the shell once you are already familiar with the command line in 
general.

If you haven't come across it already, https://youtu.be/BJ0uHhBkzOQ is a 
longer / slightly revised version of the same talk, though longer 
doesn't necessarily mean better, everyone has their own preference. 
Also, I often use bash looping and job control with "session 
portability" to run complex functions across lots of servers in parallel 
and capture the output in a relatively organized manner - if that 
interests you, take a look at http://git.jpnc.info/parssh/tree/pars.sh 
and the README.md in the same dir.  That's all for my shameless plug 😄

James Pannacciulli


More information about the gull mailing list