From c8e24a55cf4dd62de174014ea2ef434c1bc4847c Mon Sep 17 00:00:00 2001
From: Lance Edgar <ledgar@techsupport.coop>
Date: Fri, 22 Feb 2019 15:28:06 -0600
Subject: [PATCH] Prevent default use of shell when running commands as
 postgres

so that our sudoers config can work as expected
---
 rattail_fabric/postgresql.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/rattail_fabric/postgresql.py b/rattail_fabric/postgresql.py
index 0c80a45..7214d5a 100644
--- a/rattail_fabric/postgresql.py
+++ b/rattail_fabric/postgresql.py
@@ -59,7 +59,7 @@ def sql(sql, database='', port=None):
     cmd = 'psql {port} --tuples-only --no-align --command="{sql}" {database}'.format(
         port='--port={}'.format(port) if port else '',
         sql=sql, database=database)
-    return sudo(cmd, user='postgres')
+    return sudo(cmd, user='postgres', shell=False)
 
 
 def script(path, database='', port=None, user=None, password=None):
@@ -75,7 +75,7 @@ def script(path, database='', port=None, user=None, password=None):
 
     else: # run as postgres
         kw = dict(port=port, path=path, db=database)
-        return sudo("psql {port} --file='{path}' {db}".format(**kw), user='postgres')
+        return sudo("psql {port} --file='{path}' {db}".format(**kw), user='postgres', shell=False)
 
 
 def user_exists(name, port=None):
@@ -95,7 +95,7 @@ def create_user(name, password=None, port=None, checkfirst=True, createdb=False)
             port='--port={}'.format(port) if port else '',
             createdb='--{}createdb'.format('' if createdb else 'no-'),
             name=name)
-        sudo(cmd, user='postgres')
+        sudo(cmd, user='postgres', shell=False)
         if password:
             set_user_password(name, password, port=port)
 
@@ -125,7 +125,7 @@ def create_db(name, owner=None, port=None, checkfirst=True):
             port='--port={}'.format(port) if port else '',
             owner='--owner={}'.format(owner) if owner else '',
             name=name)
-        sudo(cmd, user='postgres')
+        sudo(cmd, user='postgres', shell=False)
 
 
 def create_schema(name, dbname, owner='rattail', port=None):
@@ -141,7 +141,7 @@ def drop_db(name, checkfirst=True):
     Drop a PostgreSQL database.
     """
     if not checkfirst or db_exists(name):
-        sudo('dropdb {}'.format(name), user='postgres')
+        sudo('dropdb {}'.format(name), user='postgres', shell=False)
 
 
 def download_db(name, destination=None, port=None, exclude_tables=None):
@@ -156,7 +156,7 @@ def download_db(name, destination=None, port=None, exclude_tables=None):
         name=name,
         port='--port={}'.format(port) if port else '',
         exclude_tables='--exclude-table-data={}'.format(exclude_tables) if exclude_tables else '')
-    sudo(cmd, user='postgres')
+    sudo(cmd, user='postgres', shell=False)
     run('gzip --force {0}.sql'.format(name))
     get('{0}.sql.gz'.format(name), destination)
     run('rm {0}.sql.gz'.format(name))
@@ -193,5 +193,5 @@ def clone_db(name, owner, download, user='rattail', force=False, workdir=None):
 
     # restore database on target server
     run('gunzip --force {}.sql.gz'.format(name))
-    sudo('psql --echo-errors --file={0}.sql {0}'.format(name), user='postgres')
+    sudo('psql --echo-errors --file={0}.sql {0}'.format(name), user='postgres', shell=False)
     run('rm {}.sql'.format(name))