I have created a Jenkins job today, what it does is the Jenkins user should log into another server and run two commands seperated by &&:
ssh -i /creds/jenkins jenkins#servername.com "sh -c 'sudo su && df'"
The loging part works fine, then it runs the sudo su command and becomes root but it never runs the second command (i.e. df).
I even did this manually and from the Jenkins machine logged into the other server (servername). Then ran sh -c "sudo su && df" with no luck.
Can you please help?
Thanks in advance
If you are trying to run the df command as root, you should instead do sudo df.
This is because with sudo su && df, you are basically executing sudo su first and then df.
Also make sure, your jenkins user can be sudo without password.
The sudo su launches a second shell, and the command containing the && df is waiting to be executed in the non-root shell, just after the sudo su shell exits successfully.
This could be what you're looking for:
sh -c 'sudo su - root -c "df"'
Edit: please note that I don't normally use or advocate the use of sudo su - root -c type of constructions. However, I have seen rare cases in which a program doesn't work properly when called via sudo/gksudo, but does work properly when called via su/gksu -- in such cases, a given user should try to use sudo -i first, and if that does not work, one might have to resort to sudo su - root -c or similar, as a workaround of sorts to deal with a "misbehaving" program. Since the OP used some similar syntax on his post, I assumed that his case could be such a workaround case, so I maintained the sudo su - root -c type of structure on my answer.
when you did sudo su && df , sudo su will start a child process immediately without waiting for the && df part of the command to execute , when you hit Ctrl + D it exits the child process and enters the parent shell , that's when your && df will execute. You should do this using here strings, it might not be the best option but it works and it does not start a new child process
sh -c "sudo su" <<<df
note: don't surround <<< df with any quotes
Related
I'm trying to run a single command on server X, to have that SSH into server Y and run another command
I'm doing this like the below:
sshpass -p 'my_password' ssh -t test-admin#my_ip "sudo su c command_must_be_run_root --arguments"
So to break it down:
I'm using "sshpass" to pass a password into my ssh command
I'm SSH'ing into the new server as the "test-admin" user
once in the server, I am running the command "sudo su command_must_be_run_root --arguments
This "command_must_be_run_root" is a command that has to be run as root only
It also has arguments I have to pass in. However I'm seeing that when I pass in the arguments, it is passing these arguments into the "su" command, and not passing them into the new command I want to run
Any ideas on how to fix this?
For what ever reason when you have a command with arguments you need to actually tell sudo su to login as root. Without logging in first it will run the first part of the command, even with all of it in single quotes, but not the args. (I guess it thinks that is the end of the command or it's only 1 command per sudo su -c, and that is why the persistent login works?). After adding sudo su -l root then you can continue with -c and everything that follows needs single quotes.
Should look like this:
sshpass -p 'my_password' ssh -t test-admin#my_ip "sudo su -l root -c 'command_ran_as_root --arguments'"
I don't think that su command is valid in any case. The syntax of su is su <someuser> [arguments...], so what you've written is going to try running command_must_be_run_root as user c.
I suspect that c is supposed to be -c, in which case you need to quote the arguments to -c, which would solve the problem you're asking about:
sshpass -p 'my_password' ssh -t test-admin#my_ip "sudo su -c 'command_must_be_run_root --arguments'"
But the next question is, if you already have sudo access, why are you bothering with su? You could just write instead:
sshpass -p 'my_password' ssh -t test-admin#my_ip sudo command_must_be_run_root --arguments
SO I have this script that will ssh you onto a new system, switch into a new user, and then I need it to execute three more commands while under that user. This is how I have it setup right now.
ssh -t $7 'cd /home/install/ ; su -c bash install ; tar -xvf [tarball] ; cd [directory] ; ./execute install ; bash'
What it will do is switch my user to the install user, but once there it doesn't execute any of the following commands. Only after I exit out of the install and back into the root user will those final commands run.
So for a tldr; I need a way to run those last three commands as the install user.
Thank you for your time! :)
You have two problems:
1. Your quotes are getting interpreted away
2. You're not using su correctly
If you want su to execute commands as that user, you have to provide them in STDIN, e.g. echo 'cd; ls' | su user. However, to do that, you're going to need to escape some stuff.
If the command you want to run as the user install is:
cmd1; cmd2; cmd3
Therefore, you provide it to su like so:
echo 'cmd1; cmd2; cmd3' | su install
However, you also want to execute it over ssh, which means you have to escape the quotes in the first sequence:
ssh user#host 'echo \'cmd1; cmd2; cmd3\' | su install'
Use sudo instead of su, that is what you need really.
I am at beginner level and I need to use sudo su - and pwd in one command line in script for two different users. (I'm using pwd as an example; the specific command is not important.)
And I am using command sudo su - user -c pwd. This command works when switching to one user, but not when switching to another.
For example:-
$ sudo su - ora -c pwd
/oracle/
$ sudo su - adm -c pwd
Sorry, user myuser is not allowed to execute '/usr/bin/su - adm -c pwd' as root on server.
$
How can I make it work for 'adm' user too?
sudo is used to run a command as somebody else.
By default it runs a command as root.
You can also supply the -u option to run a command as another user.
You really shouldn't need to use sudo and su together as they do similar jobs.
Sudo does this job in a much more controlled and configurable fashion.
Sudo can be configured to control:
Who can use it.
What commands they can run.
Who they can run them as.
Whether they need to supply their password when doing so.
You can only run one command at a time, so if you need to do several things together you will need to write a script. Alternatively you can chain them together in a one liner. Or finally you can run a shell as the user you require. e.g.:
sudo bash
I think in your case you probably want to use:
sudo -u adm anycommand
this is probably a really simple question. I apologize if it is a duplicate.
I want to know how to remove sudo permissions for one particular command. I've created a script that installs a bunch of .deb packages and it needs sudo to do that, but one command in it needs to run without sudo permissions, so how would I do that? I'm using Ubuntu and this is a bash script.
I'm calling my script: ROS_install
Here is part of the script:
sudo dpkg -i /home/forklift/Desktop/ROS/ros-hydro-laser-proc_0.1.3-0precise-20131015-2054-+0000_amd64.deb
sudo dpkg -i /home/forklift/Desktop/ROS/ros-hydro-urg-c_1.0.403-0precise-20131010-0128-+0000_amd64.deb
sudo rosdep init
sleep 2
rosdep update
The command "rosdep update" needs to be run without sudo permissions. I assumed that it was already, but I get a warning every time I run the script, and thus get locked out of the command after installation.
Rather than give the entire script elevated privileges, just give them to the actual commands that need them. That is, rather than
$ sudo my_script
modify my_script to use sudo only on those commands that need it. For instance, if this is your script:
command1
command2
command3
command4
command5
and command3 is the non-sudo command, modify your script to read
sudo command1
sudo command2
command3
sudo command4
sudo command5
In the process, think about whether command1 actually needs to run with sudo, or it it can run just as well without. In that way, you should be able to greatly reduce the number of commands that actually need to be run with sudo in your script.
If your command is running with full privileges, it also has the privilege to demote its own privileges, for good or for the duration of one command, by running su.
touch /privileged
su -c 'cp /privileged /tmp/not' nobody
I assume you are calling your script like:
sudo script.sh
And you do not want all of the commands within the script to run as root.
If your script is like:
apt-get install perl
apt-get install python
mv trash /home/user/
And you only want to run the first two commands as root you can specify a specific user for the third like:
su -c "mv trash /home/user/" user
Where user is the username you want to run the command as.
This will allow you to make a single sudo call at the parent level when you call the script.
If you don't want the username hardcoded, you can use a command like logname to get the username of the user that you are logged in as.
Just adding to the other answers, you can do this:
su -c "command" $SUDO_USER
Which will execute the command as the actual user who typed the sudo command
That's very useful when you are making scripts that require sudo to install something and write something in the user's $HOME
I have a shell script which needs non-root user account to run certain commands and then change the user to root to run the rest of the script. I am using SUSE11.
I have used expect to automate the password prompt. But when I use
spawn su -
and the command gets executed, the prompt comes back with root and the rest of the script does not execute.
Eg.
< non-root commands>
spawn su -
<root commands>
But after su - the prompt returns back with user as root.
How to execute the remaining of the script.
The sudo -S option does not help as it does not run sudo -S ifconfig command which I need to find the IP address of the machine.
I have already gone through these links but could not find a solution:
Change script directory to user's homedir in a shell script
Changing unix user in a shell script
sudo will work here but you need to change your script a little bit:
$ cat 1.sh
id
sudo -s <<EOF
echo Now i am root
id
echo "yes!"
EOF
$ bash 1.sh
uid=1000(igor) gid=1000(igor) groups=1000(igor),29(audio),44(video),124(fuse)
Now i am root
uid=0(root) gid=0(root) groups=0(root)
yes!
You need to run your command in <<EOF block and give the block to sudo.
If you want, you can use su, of course. But you need to run it using expect/pexpect that will enter password for you.
But even in case you could manage to enter the password automatically (or switch it off) this construction would not work:
user-command
su
root-command
In this case root-command will be executed with user, not with root privileges, because it will be executed after su will be finished (su opens a new shell, not changes uid of the current shell). You can use the same trick here of course:
su -c 'sh -s' <<EOF
# list of root commands
EOF
But now you have the same as with sudo.
There is an easy way to do it without a second script. Just put this at the start of your file:
if [ "$(whoami)" != "root" ]
then
sudo su -s "$0"
exit
fi
Then it will automatically run itself as root. Of course, this assumes that you can sudo su without having to provide a password - but that's out of scope of this answer; see one of the other questions about using sudo in shell scripts for how to do that.
Short version: create a block to enclose all commands to be run as root.
For example, I created a script to run a command from a root subdirectory, the segment goes like this:
sudo su - <<EOF
cd rootSubFolder/subfolder
./commandtoRun
EOF
Also, note that if you are changing to "root" user inside a shell script like below one, few Linux utilities like awk for data extraction or defining even a simple shell variable etc will behave weirdly.
To resolve this simply quote the whole document by using <<'EOF' in place of EOF.
sudo -i <<'EOF'
ls
echo "I am root now"
EOF
The easiest way to do that would be to create a least two scripts.
The first one should call the second one with root privileges. So every command you execute in the second script would be executed as root.
For example:
runasroot.sh
sudo su-c'./scriptname.sh'
scriptname.sh
apt-get install mysql-server-5.5
or whatever you need.