Running a unix command as non-root user

Question for the unix gurus out there.

I need to run a command as a non-root user. Should it be something like the following?

wait sudo - nonrootuser -c "command"

thanks in advance!

1 Like

Have you considered leveraging the override actionscript command with the RunAs=localuser option?

https://developer.bigfix.com/action-script/reference/execution/override.html

I had not, actually. Does the localuser option provide a full shell?

The challenge I have is that I need to do a bit of setup as root, before handing it off to the non-root user to execute a command only available to that user, and then follow up with some cleanup.

I think the RunAs=localuser option is possible but there are some limitations.

“Note: On UNIX and Linux the environment variables are not applied with the exception of required Xauthority variables. On such platforms a call is made to setuid to the id of the user identified as the current user for the XBESClientUI. This is a very specific and platform dependent scenario which requires the user to be logged on at the local console and running X Windows.”

I am not sure how in-depth you need to get, but the below should work just fine in an actionscript.

wait /usr/bin/sudo su - username -c "/usr/bin/echo test>/tmp/test"

Thanks @Aram I may come back to it, if I am unable to solve it using shell script commands. @mangan, are sudo and su both required?

If run as you posted above, you would get this in return:

“sudo: nonrootuser: command not found”

That’s good to know! Thanks @mangan

wait sudo - nonrootuser -c "command"

How do you debug its problems?
wait "working command" - how do you check that?
First of all, you should check that the "working command" really works.
Run this command as root (BigFix runs it as root in an action).
When it works, put it back into the action script and cross your fingers :)

Because there really are doubts that your "sudo - nonrootuser …" is correct.
Perhaps you were thinking of "su - nonrootuser -c 'command'".
wait "su - nonrootuser -c 'command'" - could make some sense

Had success lately with the "run runuser {(name of logged on user)}" command syntax on Linux.
It worked better than the "su - localusername -c" command in some cases.

1 Like

For a linux or UNIX™ OS, I’d recommend:

parameter "theName" = "THEUSERYOUNEED" 
wait sudo -u {parameter "theName"} bash -c "{{ MULTIPLE; COMMANDS; IN; SEQUENCE; } > /tmp/REDIRECTIFNEEDED "

wait runs everything after this inside of BESAgent.

sudo -u {parameter "theName"} runs everything after this as the named user.

bash -c "OTHERSTUFF" runs everything inside the double quotes within the same command context, and waits for it to finish.

{{ MULTIPLE; COMMANDS; } uses bash sequencing to capture everything inside the same execution context.

  • (The first { escapes the second one, so that it is not evaluated as relevance.)
  • (If you want the sequence to continue ONLY if the prior command was exit=0, then use && instead of ;).
  • (If you want to pipe output between commands, use | as needed.)

> /tmp/REDIRECTIFNEEDED redirects the output of the command sequence to an output file. Can be removed if not needed.

1 Like
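
The grouping, sequencing and redirect behaviour described in the post above, combined with the setup / run-as-user / cleanup flow asked about earlier, as an added example that is not part of the original thread. `RUN_AS`, `run_grouped` and `demo` are hypothetical names, and the `mktemp -d` working directory is an assumption used here in place of a fixed /tmp file name.

```shell
#!/bin/sh
# Added example, not from the thread. RUN_AS, run_grouped and demo are
# hypothetical names. With RUN_AS empty the sequence runs as the current
# user, which is enough to observe the sequencing and exit status.

# run_grouped OUTFILE SEQUENCE
# Runs SEQUENCE in one bash group so a single redirect captures all output.
# bash needs the ';' before the closing '}'. The redirect sits inside the
# quoted string, so the file is opened by the target user's shell.
run_grouped() {
    out=$1; seq=$2
    if [ -n "${RUN_AS:-}" ]; then
        sudo -u "$RUN_AS" bash -c "{ $seq; } > \"\$1\" 2>&1" _ "$out"
    else
        bash -c "{ $seq; } > \"\$1\" 2>&1" _ "$out"
    fi
}

# demo SEP   (SEP is ';' or '&&')
# Setup as the caller, work as the target user, cleanup as the caller.
demo() {
    sep=$1
    work=$(mktemp -d) || return 1      # setup: private dir (assumption: used
                                       # here instead of a fixed /tmp name)
    if [ -n "${RUN_AS:-}" ]; then chown "$RUN_AS" "$work"; fi
    rc=0
    run_grouped "$work/out.log" "echo first $sep false $sep echo third" || rc=$?
    cat "$work/out.log"                # show what the group wrote
    rm -rf "$work"                     # cleanup runs whatever the result
    return "$rc"
}

demo ';'  || echo "exit status: $?"   # prints first, third
demo '&&' || echo "exit status: $?"   # prints first, then exit status: 1
```

In an action script the same string would follow `wait`, with the opening brace doubled so it is not evaluated as relevance.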

For macOS, I’d recommend

parameter "theID" = "{id of user of current user}" 
parameter "theName" = "{name of user of current user}" 
wait launchctl asuser {parameter "theID"} sudo -u {parameter "theName"} bash -c "{{ whoami; } > /tmp/foo "

This solution is largely the same as the above for linux/UNIX. The macOS-distinguishing bit is launchctl.

launchctl asuser {parameter "theID"} harnesses macOS launchctl to execute within the ID of the needed user. (Yes, including the sudo.)

Note: BESAgent uses the root user’s default shell, which on macOS is /bin/sh. Thus, if you want a different shell you need to specify it.

1 Like