So I have a user, userA on Ubuntu. When the machine starts I want to add a script to /etc/rc0.d called startService
From inside of this script it will start several services using three scripts
startServiceA.sh
startServiceB.sh
startServiceC.sh
I'd like those three scripts to be started from userA, not root. How would I achieve this?
You can use commands like: su, sudo, runuser
Be sure to check the man pages.
This site might be able to help you also
http://www.cyberciti.biz/open-source/command-line-hacks/linux-run-command-as-different-user/
You can run commands inside your startup script with:
sudo -u <username> ....
Note: you will need to to preface every command in the file that you want to run as another user. I'd recommend making a variable at the top of your script like so:
SUDO="sudo -u <username>"
Then just do: $SUDO <command>
Related
I have a use case where I don't want the user executing the ansible commands to become root but I do want them to use sudo to do the commands.
probably not possible but i can't find anything that says one way or the other
sudo allows you to specify which commands a given user or group of users is allowed to run as root . For example, my backuppc account can only run two commands as root:
backuppc ALL=(root) /usr/bin/rsync,/sbin/e2label
Using the Linux terminal, I run bash scripts (.sh files) containing sequences of commands I want to execute.
The issue is that I am unable to run a Docker command from within my shell script. I can run this Docker command when it's typed directly at the terminal with root privileges but not when I include it in the shell script file.
My script executed as a general user from command line, looks like this:
#!/usr/bin/env bash
cd /home/user/docker_backup
# remove /home/user/docker_backup/data
rm -rf data
# Switch to root privileges. my system is set to only run Docker as root
su
# Copy a folder from Docker container to host OS
docker cp <container-name>:/home/user/data /home/user/docker_backup
# More general user commands
cd ..
My code only runs until the su line above. After i enter the root password, nothing happens. if i type exit, i get permission errors, meaning the docker cp command failed.
**
This is my desired solution
**After thorough research, as I wanted to run my script as a general user, and only run certain commands as Root when necessary, I came up with a solution that works.
My script now looks like this (run with
$ sh script_name.sh):
#!/usr/bin/env bash
cd /home/user/docker_backup
# remove /home/user/docker_backup/data
rm -rf data
# Switch to root privileges. my system is set to only run Docker as root
su - root -c "docker cp <container-name>:/home/user/data /home/user/docker_backup"
# More general user commands
cd ..
Run shell script as general user. For commands that require root privileges, I use su - root -c "<command>". Terminal prompts for root password and executes command in quotes as root, then shell proceeds as general user.
Actually posting this as an answer:
You switch your current user to root during the script, but the script was executed by your own user.
So the docker cp command will also be executed as your own user, but you will be logged into the root account.
This results in you not seeing the output of docker cp (which might give you insight to not working - I think insufficient privilege).
A solution to this is either using sudo before docker cp, starting the script as root or adding your user to the group "docker", which authorizes your user to use the docker commands
I had the similar issue where the docker commands were running fine on the Terminal but the same commands were not running when I compiled them into a bash script and the issue was basically because of two reasons.
The docker commands need to be run with uplifted privileges that is with the sudo command ( Eg: sudo docker ps works but docker ps won't work). One could add the current user to docker group so that we need not use sudo with each docker command. Please visit this link and follow the section 2 to do the same.
Run the script in the correct way
One should have #! bin/bash at the starting of the script. It is a shebang that is required by each script.
One should save the file without .sh extension
One should provide the execution permission to the script by giving command chmod 777 script_name
run the script with bash script_name
I have a user, who's a passwordless sudoer. I need to execute shell script file with him, and make him execute one block as sudo. E.g:
su root <<"AS_ROOT"
# do something with my linux
AS_ROOT
But nothing works. I tried:
su - root <<...
sudo -s -- <<...
It barks back at me. I'm on ubuntu 16.04 lts.
Thank you.
As Cyrus points out, su is a different utility to which sudo's configuration doesn't apply.
It sounds like you're looking for something like this:
sudo -s <<'AS_ROOT'
echo "Hi from $USER."
AS_ROOT
This should output Hi from root.
Note that -s is needed to tell sudo to create a shell in order to interpret the commands passed via stdin (the here-doc). That shell is the current user's default shell, as reflected in environment variable $SHELL.
I need use execute a command inside of a script in a Run Script build phase in Xcode 4 using sudo. However, the compiler complains:
sudo: no tty present and no askpass program specified
Anyone have a clever solution for this problem?
One solution is to place the sudo password in an executable shell script like the following:
#!/bin/bash
echo thesudopassword
This shell script might be called password.sh
Then, setup the environment variable SUDO_ASKPASS=password.sh
Once this is setup, the -A option can be passed to sudo. This option uses the ASKPASS program to obtain the sudo password. The ASKPASS program need only write the password to stdout.
So, for example,
sudo -A ditto -V /tmp/testserver.dst /
This is obviously a rather insecure solution, but it does work.
Two ideas that haven't been suggested yet, both of which are probably better/safer than the currently accepted answer:
First option would be to put the part of the script that needs to be run as root in a script file (.sh or something), and then make it setuid as root: chmod go-w,+sx scriptfile, sudo chown root scriptfile. This means that script will automatically run as root, which avoids you needing to authenticate to run it (just to change it). As long as its operation isn't subject to user input, this should be quite safe. (Of course, if you make a script that takes an input argument and deletes it or runs it, or does most anything else with it, that would not be safe.)
Second option would be to use applescript (possibly via osascript). Applescript allows you to do shell script "sudo command goes here" with administrator privileges, which will pop up a graphical dialog asking for a password.
The first of these options would be good for an automated environment, though it might not deal well with (for example) being checked into an SCM, or being sent to another user. The second option would work better with that, but requires a password input every time, so doesn't work as well for an automated build script.
Another solution to this problem is to modify sudoers file and add your account to it and state that you should never be asked for the sudo password. To accomplish this is fairly straightforward:
run:
sudo visudo
In the User privilege specification section add a line that looks like
youraccountname ALL=(ALL) NOPASSWD: ALL
Of course, this can be a dangerous thing to do, so be careful. I would suggest reading the man page for sudoers and visudo before going this route.
After much searching I found the following solution.
https://forum.juce.com/t/build-script-for-automatically-moving-built-aus-into-components-folder-xcode/13112
Summary
Create a keychain and store your admin password in the keychain
Create a script which uses /usr/bin/security to access the password In your run script,
Set the ASK_PASS env variable and use the -A option with sudo
You can either run commands directly as a administrator with the following (changing echo YourCommandHere > /tmp/hello to your command):
osascript -e 'do shell script "sudo echo YourCommandHere > /tmp/hello " with administrator privileges'
Or run a script in your source directory using:
osascript -e 'do shell script "bash -x $SOURCE_ROOT/MyAdminScript.sh 1>/tmp/build-log 2>/tmp/build-log.err" with administrator privileges'
This runs the script and logs it output to /tmp/build-log and /tmp/build-log.err
For useful variables in the script see https://help.apple.com/xcode/mac/8.0/#/itcaec37c2a6
You can also execute XCode giving it the project as parameter from the Terminal using sudo like this:
sudo /Developer/Applications/Xcode.app/Contents/MacOS/Xcode /path/to/your/project.xcodeproj
This is the easiest solution I could think of, but there may be some drawbacks, since you would be executing XCode as root.
No need to write your sudo password anywhere. Just open a terminal window and type
$ sudo echo "hello"
Once you've typed your password, it will be good for a while - not sure how long - and the shell spawned by Xcode will inherit this permission.
If you get the "no tty present" message again later, just repeat the procedure
I'm currently using Capistrano to deploy my web application which works like a charm.
In my new project I must execute a command from sudo /bin/bash shell.
Is it possible for Capistrano to login to the machine as user X, run sudo /bin/bash,
enter the password and then execute a command in the sudo shell? If yes, could you
please provived me with an example.
With regards
jakob
Is there a specific reason you need to be in a root shell rather than executing the command with sudo? If executing a command with sudo, you can simply sudo 'command' instead of run 'command'.
I did a little experimentation to try to get a root shell with capistrano without logging into the server directly as root, and wasn't able to make much progress.
If running with sudo won't work, please update your question to let us know why and maybe we can help you find a workaround for it.
Update:
After playing around a little more, I found that you can execute an individual command (or string of commands) in a root shell by doing something like sudo '/bin/bash -c "whoami"'. It's getting an interactive root shell that's tricky.