- 论坛徽章:
- 0
|
本帖最后由 angle4 于 2011-08-03 12:26 编辑
通过mount nfs服务器上的tools目录,adb, fastboot可以以root权限运行.
但,mount, apt-get 等命令必须要uid == 0才行.
现在的方案:
adb, fastboot等命令放到nfs上,$ chmod 4755 *, 修改客户端/etc/fstab.
其他命令还是/etc/sudoers.
为了批量操作,写个脚本.
$ git clone git://github.com/wallunit/ssh4py
$ cd ssh4py && python setup.py build && sudo python setup.py install
- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- import sys
- import socket
- import libssh2
- def get_channel(session):
- try:
- channel = session.channel()
- except libssh2.Error, e:
- if e.errno == libssh2.ERROR_EAGAIN:
- return None
- raise
- return channel
- def channel_execute(channel, command):
- try:
- channel.execute(command)
- except libssh2.Error, e:
- if e.errno == libssh2.ERROR_EAGAIN:
- return True
- raise
- return False
- def channel_read_to_end(channel):
- stdout = ''
- stderr = ''
- while not channel.eof:
- # Read a chunk of up to 1024 bytes from stdout.
- try:
- data = channel.read(1024)
- if data:
- stdout = stdout + data
- except libssh2.Error, e:
- if e.errno == libssh2.ERROR_EAGAIN:
- return None
- raise
- # Read a chunk of up to 1024 bytes from stderr.
- try:
- data = channel.read(1024, libssh2.STDERR)
- if data:
- stderr = stderr + data
- except libssh2.Error, e:
- if e.errno == libssh2.ERROR_EAGAIN:
- return None
- raise
- out = { 'stdout' : stdout, 'stderr' : stderr }
- return out
- def get_execute_output(channel, s):
- data = channel_read_to_end(channel)
- if channel.get_exit_status() == 0:
- print data['stdout']
- print '\tchanged ' + s + ' done.'
- else:
- print data['stderr']
- print '\tfailed in changing ' + s
- channel.wait_closed()
- def change_apt_sources(session):
- # change /etc/apt/sources.list
- my_cmd = "echo '" + my_sourceslist + "' > /etc/apt/sources.lis"
- channel = get_channel(session)
- channel_execute(channel, my_cmd)
- get_execute_output(channel, '/etc/apt/sources.list')
- def change_sudoers(session):
- my_cmd = "echo '" + my_sudoers + "' > /etc/sudoers"
- channel = get_channel(session)
- channel_execute(channel, my_cmd)
- get_execute_output(channel, '/etc/sudoers')
- def change_password(session, user, passwd):
- my_cmd = 'echo "' + user + ':' + passwd + '"' + ' | chpasswd'
- channel = get_channel(session)
- channel_execute(channel, my_cmd)
- get_execute_output(channel, 'change password for' + user)
-
- # changed /etc/sudoers
- my_sudoers = '''# /etc/sudoers
- #
- # This file MUST be edited with the 'visudo' command as root.
- #
- # See the man page for details on how to write a sudoers file.
- #
- Defaults env_reset
- # Host alias specification
- # User alias specification
- # Cmnd alias specification
- Cmnd_Alias KILL = /bin/kill
- Cmnd_Alias PKG = /usr/bin/apt-get, /usr/bin/dpkg
- Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/reboot, /sbin/halt
- Cmnd_Alias NETOP = /sbin/ifconfig, /usr/sbin/tcpdump
- Cmnd_Alias MOUNT = /bin/mount, /bin/umount
- # configuration edit by vim
- Cmnd_Alias VIMAPT = /usr/bin/vim /etc/apt/sources.list
- Cmnd_Alias VIMHOSTS = /usr/bin/vim /etc/hosts
- Cmnd_Alias VIMRESOLV = /usr/bin/vim /etc/resolv.conf
- Cmnd_Alias VIMUDEV = /usr/bin/vim /etc/udev/rules.d/51-android.rules
- Cmnd_Alias VIMFSTAB = /usr/bin/vim /etc/fstab
- Cmnd_Alias VIMXIM = /usr/bin/vim /usr/lib/gtk-2.0/2.10.0/immodule-files.d/libgtk2.0-0.immodules
- # configuration edit by gedit
- Cmnd_Alias GEDITAPT = /usr/bin/gedit /etc/apt/sources.list
- Cmnd_Alias GEDITHOSTS = /usr/bin/gedit /etc/hosts
- Cmnd_Alias GEDITRESOLV = /usr/bin/gedit /etc/resolv.conf
- Cmnd_Alias GEDITUDEV = /usr/bin/gedit /etc/udev/rules.d/51-android.rules
- Cmnd_Alias GEDITFSTAB = /usr/bin/gedit /etc/fstab
- Cmnd_Alias GEDITXIM = /usr/bin/gedit /usr/lib/gtk-2.0/2.10.0/immodule-files.d/libgtk2.0-0.immodules
- # command list
- Cmnd_Alias EXECCMDLIST = KILL, PKG, SHUTDOWN, NETOP, MOUNT
- Cmnd_Alias NOEXECCMDLIST = VIMAPT, VIMHOSTS, VIMRESOLV, VIMUDEV, VIMFSTAB, \
- GEDITAPT, GEDITHOSTS, GEDITRESOLV, GEDITUDEV, GEDITFSTAB
- # User privilege specification
- root ALL=(ALL) ALL
- # Allow members of group sudo to execute any command after they have
- # provided their password
- # (Note that later entries override this, so you might need to move
- # it further down)
- %sudo ALL=(ALL) ALL
- #
- #includedir /etc/sudoers.d
- # Members of the admin group may gain root privileges
- %admin ALL=(ALL) ALL
- %cdgroup ALL = EXECCMDLIST, NOEXEC: NOEXECCMDLIST'''
- my_sourceslist = '''# our local repository
- deb http://company-mirror/ubuntu lucid main restricted universe multiverse
- deb-src http://company-mirror/ubuntu lucid main restricted universe multiverse
- deb http://company-mirror/ubuntu lucid-updates main restricted universe multiverse
- deb-src http://company-mirror/ubuntu lucid-updates main restricted universe multiverse
- deb http://company-mirror/ubuntu lucid-security main restricted universe multiverse
- deb-src http://company-mirror/ubuntu lucid-security main restricted universe multiverse'''
- # get ip list
- NETWORK = '172.x.x.'
- IP_START = x
- IP_END = x
- IP_LIST = []
- USER = 'root'
- PASS = 'secret'
- DONE_LIST = []
- for x in range(IP_START, IP_END+1):
- IP_LIST.append(NETWORK + str(x))
- for x in IP_LIST:
- print 'login ' + x
- # connect to each machine
- try:
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.connect((x, 22))
- except:
- continue
- session = libssh2.Session()
- session.startup(sock)
- # login
- session.userauth_password(USER, PASS)
- # change root's passwd
- change_password(session, 'root', 'newpasswd')
- # change others ...
- print x + ' done.'
- DONE_LIST.append(x)
- print DONE_LIST
复制代码 |
|