Copy a file from local to remote root-only folder (/usr/local/bin) using Paramiko?

Issue

I need to copy a file from local to remote /usr/local/bin. I am already using paramiko for some other copy actions.

I saw some solutions online on how to avoid the permission error:

All these solutions:

  • changing who owns the directory
  • adding a user to the group of the directory
  • creating a new group and changing the group on the directory
  • changing the owner
  • Changing the r/w permissions of owner,group, or public.

Don’t feel right when working with /user/local/bin.

I also have the option to just copy the file to ~/file to later on move it using an ansible script (which is executed on the remote anyway), but splitting the copying process feels wrong, too.

Directly logging into sudo would be possible since I can enable remote root login, but that sounds like a security issue.

Solution

You need to login with the root to have access to folders that require the root access.

For a general discussion on this topic (and why direct root login is not such security problem as commonly believed), see
Allowing automatic command execution as root on Linux using SSH


If your server does not allow direct root login (and you did try to make it happen), you have to find some workaround. Paramiko won’t (cannot) help you anyhow with bypassing server’s security mechanisms.

Some options:

  • Upload the files to a folder you have a wrote access too, and then automate shell commands (via sudo/su) to copy the files to the final root-only destination.
  • Run Paramiko SFTP via sudo/su. You would have to implement an alternative to SFTPClient.from_transport that will call something like chan.exec_command('sudo su -c /bin/sftp-server') instead of chan.invoke_subsystem("sftp").

Answered By – Martin Prikryl

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published