host.privilege¶
Posix privilege-elevation mixin.
Shared by the posix-shell hosts (UnixHost,
LocalHost,
DockerContainerHost). Implements the
_elevate hook (run(sudo=True)) plus switch_user / as_user.
sudo auto-answers the password prompt through the
Expect channel (run(expects=[...])) — the
response is written directly by the session machinery and is never logged.
su (and any other registered login proxy) sends its password via
send(..., log=LogMode.NEVER) so it is delivered to stdin without being
emitted to any sink (console, console.log, or verbose.log).
switch_user/as_user route through
perform_switch(), which recursively resolves
via-chains and drives whichever proxy the target cred names (defaulting
to the built-in "su").
The mixin carries no fields and declares __slots__ = () so it composes with
the @dataclass(slots=True) hosts. Password sourcing is host-specific:
_sudo_password defaults to None (passwordless) and
UnixHost overrides it from creds.
_switch_creds defaults to self.creds (or [] when the host has no
creds field), so switch_user/as_user targets resolve against the
same cred list _sudo_password does.
- class otto.host.privilege.PosixPrivilege¶
Bases:
objectMixin:
sudo/suelevation for posix-shell hosts.-
async switch_user(user: str =
'', password: str | None =None) None¶ suthe persistent (default) session to user (default root).Performs the real switch (recursively hopping through any
viachain viaperform_switch()) and then records the new user socurrent_userreflects it. Mutates session state — affects subsequentruncalls until the user exits back.
-
as_user(user: str =
'root', password: str | None =None) AsyncIterator[PosixPrivilege]¶ Run a block as user, returning to the original user on exit.
- async with host.as_user(“root”):
await host.run(“systemctl restart foo”)
Tracks
current_useracross the switch and restores the prior user when the block exits, undoing each applied hop in reverse (innermost first) so a multi-hopviachain unwinds correctly.
-
async switch_user(user: str =