I have a use case where I don't want the user executing the ansible commands to become root but I do want them to use sudo to do the commands.
probably not possible but i can't find anything that says one way or the other
sudo allows you to specify which commands a given user or group of users is allowed to run as root . For example, my backuppc account can only run two commands as root:
backuppc ALL=(root) /usr/bin/rsync,/sbin/e2label
Related
I have googling around for long time but couldn't actually find a reliable way.
This is what I want:
Use Bash script, check if user is actually root root, not the user with sudo command.
I have tried many ways , like id -u, $EUID, whoami, etc., but all of them return same value when run as root and using sudo.
You could check if there are some environment variables set by sudo:
set | grep SUDO
Output:
SUDO_COMMAND=/bin/bash
SUDO_GID=1000
SUDO_UID=1000
SUDO_USER=user1
I am writing an Ansible playbook to automate a series of sudo commands on various hosts. When I execute these commands individually in puTTY, I have no permission problems, as I have been granted proper access. However, when I attempt to create a playbook to do the same thing, I am told
user is not allowed to execute ... on host_name
For example, if I do $ sudo ls /root/, I have no problem, and, once I enter my password, can see the contents of /root/
In the case of my Ansible playbook ...
---
- host: servers
tasks:
- name: ls /root/
shell: ls /root/
become: true
become_method: sudo
...I then get the error mentioned above.
Any ideas why this would be the case? It seems to be telling me I don't have permission to run a command that I otherwise could run in an individual puTTY terminal.
[ ] automate a series of sudo commands on various hosts. When I execute these commands individually [ ]
Any ideas why this would be the case?
Sounds like you configured specific commands in the sudoers file (unfortunately you did not provide enough details, fortunately you asked for "ideas" not the real cause).
Ansible shell module does not run the command you specify prepended with sudo - it runs the whole shell session with sudo, so the command doesn't match what you configured in sudoers.
Either allow all commands to be run with elevated privileges for the Ansible user, or use raw module instead of shell.
So I have a user, userA on Ubuntu. When the machine starts I want to add a script to /etc/rc0.d called startService
From inside of this script it will start several services using three scripts
startServiceA.sh
startServiceB.sh
startServiceC.sh
I'd like those three scripts to be started from userA, not root. How would I achieve this?
You can use commands like: su, sudo, runuser
Be sure to check the man pages.
This site might be able to help you also
http://www.cyberciti.biz/open-source/command-line-hacks/linux-run-command-as-different-user/
You can run commands inside your startup script with:
sudo -u <username> ....
Note: you will need to to preface every command in the file that you want to run as another user. I'd recommend making a variable at the top of your script like so:
SUDO="sudo -u <username>"
Then just do: $SUDO <command>
If I am in the middle running a bash script, is there any way to switch over to root user, process a command, and then exit root mode? For example, I'd like to include these commands in the middle of a bash script:
sudo su
umount /home/user/myMount
exit
The problem is that after the first line runs, the shell goes into root mode, but then stops execution. Of course, I could create and execute a second script at this point, but this defeats the purpose of scripting since I could just type the commands myself.
The other obvious idea is to run the script from with the root user at the outset. However, some of the other commands in this script fail if I am the root user since they would expose security vulnerabilities with this much access.
So, I need a way to get into the root and then exit out of it.
Thanks.
Specify a Command
The sudo command can take a command and optional arguments. For example:
sudo umount /home/user/myMount
This will run only the specified command and its arguments as root. If you want to run the command as another user, you can use the -u flag. For example, to run umount as Fred, you could use:
sudo -u fred umount /home/user/myMount
While there are certainly other ways to address this issue, this is by far the simplest and most common.
In order to perform the umount as root, use
sudo umount /home/user/myMount
How to run some commands in my installations scripts of deb-package (preinst, postinst, prerm, postrm) not from root but from current user (user that invoked the installation)?
root is the current user. You should never expect that the installation of the package is performed by sudo
You can check the SUDO_USER environment variable for the user that may have invoked the script, if the installation was performed from the context of a simple sudo dpkg -i - sudo may not have been installed, so the installation may have been performed by su, which means that the environment variable will not be set.
If you want to invoke scripts as that user you just invert the sudo - viz:
sudo -u $SUDO_USER -c <command to invoke>
but you need to ensure that you properly know the user that invoked the script - i.e. SUDO_USER could be root!
Typically, though, because you can have an arbitrary number of users on a Linux system, you should not do something like this, as it will leave the system in a state where only one user can use the package. You should create state/configuration on first invocation as the ordinary user.
Finally, don't expect a GUI, don't expect a terminal on the installation if it's just being shipped as a dpkg.
You need to be root in order to install something. If you install per-user configurations, they should normally be installed for all users.
Having said that, look into real vs effective uid.