$.sudo
$.sudo starts an interactive sudo session for a with block. It handles the password prompt and leaves the elevated console when the block finishes.
Run commands as root
from getpass import getpass
password = getpass("sudo password: ")
with $.sudo(password=password):
$whoami
assert $.stdout.strip() == "root"
$systemctl restart nginx
For an account allowed to run the required commands without a password:
with $.sudo():
$id -u
The host’s sudoers policy controls the result. SSHScript cannot bypass that policy.
Run as a named account
with $.sudo(password=password, username="www-data"):
$whoami
$touch /var/www/example/cache-warmed
The password, if requested, is normally that of the current account, not the target account.
Remote use
from getpass import getpass
with $.connect("ops@example.net"):
password = getpass("sudo password on example.net: ")
with $.sudo(password=password):
$systemctl status nginx
$journalctl -u nginx -n 20
The inner block returns to the remote login account; the outer block then returns to the local session.
Options
$.sudo(password=None, username=None, expect=None, initials=None, shell=True, login=True, get_pty=True)
| Option | Purpose |
|---|---|
password | Value sent when sudo prompts. |
username | Permitted target account. |
expect | Prompt text for a non-standard sudo prompt. |
initials | Initial input to send after entering the console. |
login | Request login-style account handling; default True. |
shell | Use the normal interactive shell; default True. |
get_pty | Request a pseudo-terminal; default True. |
Interactive privilege systems often require a pseudo-terminal. It is enabled by default; retain get_pty=True if the host enforces a TTY requirement. Use expect= only for customised prompts.
Combine with su
with $.su("deploy", password=deploy_password):
with $.sudo(password=deploy_password):
$whoami
Here sudo authenticates as deploy, because it is the active account. See $.su for changing identity before elevation.
Security
Never hard-code production passwords. Prefer narrowly scoped sudoers rules, SSH keys, and a secret manager or getpass for interactive use.