diff --git a/interface.json b/interface.json
index c733f25..a96d1c2 100644
--- a/interface.json
+++ b/interface.json
@@ -35,6 +35,9 @@
 },
 "tempPath": {
 "type": "string"
+ },
+ "interactiveSudo": {
+ "type": "boolean"
 }
 }
 },
diff --git a/src/cli.rs b/src/cli.rs
index 672568e..af19b02 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -544,14 +544,16 @@ async fn run_deploy(
 let mut deploy_defs = deploy_data.defs()?;
 if node.generic_settings.interactive_sudo.unwrap_or(false) {
- info!("Interactive sudo is enabled, you will be prompted for the sudo password for {}.", node.node_settings.hostname);
+ warn!("Interactive sudo is enabled! Using a sudo password is less secure than correctly configured SSH keys.\nPlease use keys in production environments.");
+ info!("You will now be prompted for the sudo password for {}.", node.node_settings.hostname);
 let sudo_password = rpassword::prompt_password(format!("(sudo for {}) Password: ", node.node_settings.hostname)).unwrap_or("".to_string());
 deploy_defs.sudo_password = Some(sudo_password);
-
+
+ // this instructs sudo to hide the password prompt and accept input from stdin
 if let Some(original) = deploy_defs.sudo.clone() {
 if !original.contains("-S") {
- deploy_defs.sudo = Some(format!("{} -S -p \"\"", original));
+ deploy_defs.sudo = Some(format!("{} -S -p \"\"", original));
 }
 } else {
 deploy_defs.sudo = Some("sudo -S -p \"\"".to_string());
diff --git a/src/lib.rs b/src/lib.rs
index be283b2..61fac6a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -451,6 +451,9 @@ pub fn make_deploy_data<'a, 's>(
 if let Some(activation_timeout) = cmd_overrides.activation_timeout {
 merged_settings.activation_timeout = Some(activation_timeout);
 }
+ if let Some(interactive_sudo) = cmd_overrides.interactive_sudo {
+ merged_settings.interactive_sudo = Some(interactive_sudo);
+ }
 DeployData {
 node_name,
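Review bot: In the src/cli.rs hunk, the `let sudo_password = …` line still ends in `.unwrap_or("".to_string())`, so a failed prompt (no TTY, closed stdin) silently becomes an empty password stored in `deploy_defs.sudo_password` and presumably handed to `sudo -S`, where it shows up as an unexplained authentication failure on the target host. I would propagate the error rather than default it, e.g. `let sudo_password = rpassword::prompt_password(prompt)?;`, assuming run_deploy's error type can carry an I/O error; its signature and the rest of its body are outside the hunk. Separately, `original.contains("-S")` is a substring test on the whole command string, so a custom sudo command that merely contains `-S` somewhere skips the rewrite and one that already passes `-S` never gets `-p ""`; comparing whitespace-split arguments, `original.split_whitespace().any(|a| a == "-S")`, would be more precise. The new comment could also state that the password is kept in a plain `String` for the lifetime of `deploy_defs`, so readers know it is not zeroed after use.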