By default, most distros will require the user to provide a password when executing a command with the security privileges of another user. This behavior takes place typically when a user wishes to execute some command as the superuser or root by using the
By its very nature, the scripts run by the Octopus Deploy run in the background without any opportunity for a password prompt and so executing an innocuous sudo command such as
sudo echo "I HAVE THE POWER"
will result in the script failing with
exit code 1 and the message to stderr:
sudo: no tty present and no askpass program specified
in Ubuntu, and:
sudo: sorry you must have a tty to run sudo
in Red Hat
Enabling sudo command
The recommended way to enable these commands to be run is to disable the password prompt for the user account used for deployments.
Disable password prompt
Running the following command (from a shell with interactive mode so you can enter any required passwords) adds a file that is read conjunction with the sudoers file to configure valid sudo policies.
sudo visudo -f /etc/sudoers.d/octopus
add the following line to this file, substituting
<username> with the appropriate user used by the Octopus Deploy.
<username> ALL=(ALL) NOPASSWD:ALL
further information regarding how this file is used and how to make the configuration more precise can be found at the following links.
If you are using a distro such as Ubuntu, you should now be able to utilize the sudo command throughout your scripts.
Some distros however, such as Centos and its derivatives, require the following further steps to be taken.
Although the sudo may no longer require a password, some distros are configured by default to still require interactive input, or tty, when running sudo.
To disable this, edit your
/etc/sudoers file and change the line
Alternatively you can make this configuration more precise by targeting specific users or groups as outlined at How to disable requiretty for a single command in sudoers. (By default the Ubuntu does not contain this configuration and this modification should not be required)
Be Selective with Permissions
Ideally your Octopus Deploy ssh endpoint should be configured with a special user solely for the purposes of running deployments. In this case you should consider configuring just that user's sudo capabilities to be limited to those commands needed to execute the deployment scripts.
Different Distributions use Different Conventions
While the above instructions should work on common platforms like Ubuntu or RedHat, you may need to double check the details for specific instructions relating to ssh authentication on target operating system. There are many different Linux based distributions some of which have their own unique way of doing things. For this reason we cannot guarantee that these instructions will work in every case.
Need support? We're here to help.