I try to run command as other user in Ubuntu. But it cannot find the command.
$ sudo su - hbase -c "echo $JAVA_HOME"
/usr/local/jdk
$ sudo su - hbase -c "echo $PATH"
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/jdk/bin
$ sudo su - hbase -c "java -version"
-su: java: command not found
$ sudo su - hbase -c "/usr/local/jdk/bin/java -version"
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
I tested in centos, there is no problem. I don't know why? And how can I run java in other user?
My JAVA_HOME is set in /etc/bash.bashrc, and Ubuntu version is ubuntu server 14.04.1.
Actually, I'm trying to start/stop hbase in hadoop user in
$ sudo su - hbase -c "/usr/local/hbase-1.1.5/bin/hbase-daemon.sh stop regionserver"
no regionserver to stop because no pid file /tmp/hbase-hbase-regionserver.pid
And this error is because it cannot get my environment export HBASE_PID_DIR="/data/hadoop/run/hbase", which I set in /etc/bash.bashrc.
I did more tests, first, I added export ENVTEST=hello to /etc/bash.bashrc, then, did the following tests.
$ echo $ENVTEST
$ sudo su - hbase -c "echo $ENVTEST"
$ source /etc/bash.bashrc
$ sudo su - hbase -c "echo $ENVTEST"
hello
It seems like, when you do sudo su - hbase -c "echo $ENVTEST", it is using the my user environment instead of hbase.
it looks like /usr/local/jdk/bin is not in hbase's PATH. add /usr/local/jdk/bin to PATH in /etc/bash.bashrc or /home/hbase/.bashrc.
because of the double-quotes, this test doesn't do what you might think:
sudo su - hbase -c "echo $PATH"
$PATH inside the double-quotes has its value substituted in before sudo su - hbase -c runs.
try these tests out:
sudo su - hbase -c "echo `whoami`"
sudo su - hbase -c 'echo `whoami`'
sudo su - hbase -c 'echo $JAVA_HOME'
sudo su - hbase -c 'echo $PATH'
Related
I've installed some software on a server that my gitlab runner SSH's to, and one of the commands needs to be run after doing sudo su. If I run it as a regular user, but with sudo in front of it - it doesn't work. I have to first completely switch to the sudo user first.
This works fine when I SSH into the server and do the commands manually. But when I try it from the pipeline (rough code below):
my_script:
stage: stage
script:
- ssh -o -i id_rsa -tt user#1.1.1.1 << EOF
- sudo su
- run_special_command <blah blah>
- exit
# above exits from the SSH. below should stop the pipeline
- exit 0
- EOF
I get very weird output like the below:
$ sudo su
[user#1.1.1.1 user]$ sudo su
echo $'\x1b[32;1m$ run_special_command <blah blah>\x1b[0;m'
run_special_command <blah blah>
echo $'\x1b[32;1m$ exit\x1b[0;m'
exit
echo $'\x1b[32;1m$ exit 0\x1b[0;m'
exit 0
echo $'\x1b[32;1m$ EOF\x1b[0;m'
And what I'm seeing is that it doesn't even run the command at all - and I can't figure out why.
In this case, you need to put your script as a multi-line string in your YAML. Alternatively, commit a shell script to repo and execute that.
and one of the commands needs to be run after doing sudo su. If I run it as a regular user, but with sudo in front of it - it doesn't work.
As a side note, you can probably use sudo -E instead of sudo su before the command. But what you have should also work with the multi-line script.
MyJob:
script: |
ssh -o -i id_rsa -tt user#host << EOF
sudo -E my_command
EOF
exit 0
Alternatively, write your script into a shell script committed to the repository (with executable permissions set) and run it from your job:
MyJob:
script: “my_script.sh”
I'm attempting to bootstrap my AWS EC2 ubuntu server with oh-my-zsh installed for the ubuntu user. I have a cloud-init script (more info here) that runs as the root user (with sudo). So, in my script I run the oh-my-zsh installation as the ubuntu user.
#cloud-config
runcmd:
# omitted other commands specific to my server, install zsh at the end
- apt-get install -y zsh
- su ubuntu -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/coreycole/oh-my-zsh/master/tools/install.sh)"'
- chsh -s $(which zsh) ubuntu
# change the prompt to include the server hostname
- su ubuntu -c echo "echo export PROMPT=\''%{$fg[green]%}%n#%{$fg[green]%}%m%{$reset_color%} ${ret_status} %{$fg[cyan]%}%c%{$reset_color%} $(git_prompt_info)'\'" >> /home/ubuntu/.zshrc
# get environment variables defined above
- echo "source ~/.profile" >> /home/ubuntu/.zshrc
When the cloud-init finishes and I ssh into the colors are not working in the $PROMPT, I see [green] and [cyan]:
[green]ubuntu#[green]ip-172-31-27-24 [cyan]~
If I run the same PROMPT command as the ubuntu user after ssh'ing in, the colors work correctly:
The problem seems to be how the colors are evaulated when the cloud-init script runs the echo command vs how the colors are evaulated when the ubuntu user runs the echo command. Does anyone know how I might change the PROMPT so the colors are only evaulated once ~/.zshrc is evaulated by the ubuntu user?
I solved this thanks to jgshawkey's answer here. I used bash variables to escape the color codes & commands to postpone their evaluation:
- apt-get install -y zsh
- runuser -l ubuntu -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/coreycole/oh-my-zsh/master/tools/install.sh)"'
- chsh -s $(which zsh) ubuntu
- fgGreen='%{$fg[green]%}'
- fgCyan='%{$fg[cyan]%}'
- fgReset='%{$reset_color%}'
- retStatus='${ret_status}'
- gitInfo='$(git_prompt_info)'
- runuser -l ubuntu -c "echo export PROMPT=\''${fgGreen}%n#%m${fgReset} ${retStatus} ${fgCyan}%c${fgReset} ${gitInfo}'\'" >> /home/ubuntu/.zshrc
- echo "source ~/.profile" >> /home/ubuntu/.zshrc
It ended up looking like this in my ~/.zshrc:
Since I am creating a new user/server, I made this way:
user=you user here
pass=you password here
apt install -y zsh curl wget # considering you currently are root
#creates a new user with password and zsh as default shell
useradd "$user" -m -p $(openssl passwd -1 "$pass") -s $(which zsh)
usermod -aG sudo "$user" # append to sudo and user group (optional)
# mind the command above, with the parameter --unattended which means "no questions" and "no set default to zsh"
runuser -l $user -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended'
Worked fine for me.
I have created a Jenkins job today, what it does is the Jenkins user should log into another server and run two commands separated by &&:
ssh -i /creds/jenkins jenkins#servername.com "sh -c 'sudo su && lxc exec containername bash'"
The logging part works fine, then it runs the sudo su command and becomes root but it never runs the second command.
I even did this manually and from the Jenkins machine logged into the other server (servername). Then ran sh -c "sudo su && lxc exec containername bash" with no luck.
Try to execute the second command as a parameter for the sudo su command, like this:
ssh -i /creds/jenkins jenkins#servername.com "sh -c 'sudo su -c "lxc exec containername bash"'"
I have a kiosk that shuts down every day using rtcwake, and this uses root user. I've used && to execute the boot script after rtcwake completes, however it then starts the browser as root causing problems.
This is the command I use:
echo debian | sudo -S rtcwake -m mem -u -t $(date +%s -d '3 days 7:45') && sudo -u debian -i bash $HOME/kiosk/bin/startup.sh &.
The sudo command does work to some extent. It calls the debian user, and executes the correct script, however, it still screws up my chromium preferences.
Here is the startup script:
echo debian | sudo -S hwclock -w
export HOME=/home/debian
#log boot time
echo "Booting at" $(date) >> $HOME/kiosk/bin/logs/boot.log
#echo debian | sudo -S service connman restart
echo debian | sudo -S at 15:30 -f $HOME/kiosk/bin/shutdown.sh
crontab -u debian crontab.txt
bash $HOME/git.sh
#sudo -i -u debian
#start kiosk
export DISPLAY=:0
chromium-browser --kiosk --disable-gpu
http://localhost/kiosk/Client/main.html &
#update ip
bash /home/debian/git.sh &
I'm wondering what could be causing chrome to be executed as root. I have no idea what is going wrong.
If you execute a command with sudo it will not change environment variables like $HOME. Since per user settings are stored in $HOME, this affects the executed program if it needs such configuration files. Check this for example:
sudo -u debian bash -c 'echo $HOME'
It will print the home folder of the calling user, not the home folder of the user specified trough -u. The sudo command supports the -H command line option to handle this, however if it works depends on the security police in use.
As a solution you can use the su command instead of sudo in this case:
... && su debian -c chromium
Since su itself is executed by root you won't be asked for the password.
You must enter a password to log into a new user shell.
The command needs to be modified as follows:
echo debian | sudo -S rtcwake -m mem -u -t $(date +%s -d '3 days 7:45') && echo debian | sudo -S -u debian -i bash $HOME/kiosk/bin/startup.sh &
This avoids needing a password to log in as normal Debian user, and executes the script.
I found very strange behaviour when I build and run docker container. I would like to have container with cassandra and ssh.
In my Dockerfile I've got:
RUN echo "deb http://www.apache.org/dist/cassandra/debian 20x main" | sudo tee -a /etc/apt/sources.list
RUN echo "deb-src http://www.apache.org/dist/cassandra/debian 20x main" | sudo tee -a /etc/apt/sources.list
RUN gpg --keyserver pgp.mit.edu --recv-keys 4BD736A82B5C1B00
RUN apt-key add ~/.gnupg/pubring.gpg
RUN apt-get update
RUN apt-get -y install cassandra
And then for ssh
RUN apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo '{{ docker_ssh_user }}:{{docker_ssh_password}}' | chpasswd
EXPOSE 22
And I added start script to run everything I want:
USER root
ADD start start
RUN chmod 777 start
CMD ["sh" ,"start"]
And here comes problem. When I have start like this below:
#!/bin/bash
/usr/sbin/sshd -D
/usr/sbin/cassandra -f
SSH is working well. I can do ssh root#172.17.0.x. After I log in container I try to run cqlsh to ensure that cassandra is working. But cassandra is not started for some reason and I can't access cqlsh. I've also checked /var/log/cassandra/ but it was empty.
In second scenario I change my start script to this:
#!/bin/bash
/usr/sbin/sshd -D & /usr/sbin/cassandra/ -f
And I again try to connect ssh root#172.17.0.x and then when I run cqlsh inside container I have connection to cqlsh.
So I was thinking that ampersand & is doing some voodoo that all works well ?
Why I can't run bash staring script with one command below another?
Or I'm missing something else??
Thanks for reading && helping.
Thanks to my friend linux guru we found the reason of error.
/usr/sbin/sshd -D means that -D : When this option is specified, sshd will not detach and does not become a deamon. This allows easy monitoring of sshd
So in the first script sshd -D was blocking next command to run.
In second script I've got & which let sshd -D go background and then cassandra could start.
Finally I've got this version of script:
#!/bin/bash
/usr/sbin/sshd
/usr/sbin/cassandra -f