Question for the unix gurus out there.
I need to run a command as a non-root user. Should it be something like the following?
wait sudo - nonrootuser -c "command"
Thanks in advance!
Have you considered leveraging the override actionscript command with the RunAs=localuser option?
https://developer.bigfix.com/action-script/reference/execution/override.html
I had not, actually. Does the localuser option provide a full shell?
The challenge I have is that I need to do a bit of setup as root, before handing it off to the non-root user to execute a command only available to that user, and then follow up with some cleanup.
I think the RunAs=localuser option is possible but there are some limitations.
“Note: On UNIX and Linux the environment variables are not applied with the exception of required Xauthority variables. On such platforms a call is made to setuid to the id of the user identified as the current user for the XBESClientUI. This is a very specific and platform dependent scenario which requires the user to be logged on at the local console and running X Windows.”
I am not sure how in-depth you need to get, but the below should work just fine in an actionscript.
wait /usr/bin/sudo su - username -c "/usr/bin/echo test>/tmp/test"
Thanks @Aram, I may come back to it if I am unable to solve it using shell script commands. @mangan, are sudo and su both required?
If run as you posted above, you would get this in return:
“sudo: nonrootuser: command not found”
wait sudo - nonrootuser -c "command"
How to debug its problems?
wait “working command” - how to check that?
First of all, you should check that “working command” really works…
Run this command under root (BigFix runs it as root in an action).
Once it works, put it back into the action script and cross your fingers,
because there really are doubts that your “sudo - nonrootuser …” is correct.
Potentially you have thought about "su - nonrootuser -c ‘command’".
wait “su - nonrootuser -c ‘command’” - could make some sense.
Had success lately with the “run runuser {(name of logged on user)}” command syntax on Linux.
It worked better than the "su - localusername -c " command in some cases.
For a Linux or UNIX™ OS, I’d recommend:
parameter "theName" = "THEUSERYOUNEED"
wait sudo -u {parameter "theName"} bash -c "{{ MULTIPLE; COMMANDS; IN; SEQUENCE; } > /tmp/REDIRECTIFNEEDED "
wait
runs everything after this inside of BESAgent.
sudo -u {parameter "theName"}
runs everything after this as the named user.
bash -c "OTHERSTUFF"
runs everything inside the doublequotes within the same command context, and waits for it to finish.
{{ MULTIPLE; COMMANDS; }
uses bash sequencing to capture everything inside the same execution context.
{
escapes the second one, so that it is not evaluated as relevance.)
&&
instead of ;
).
|
as needed.)
> /tmp/REDIRECTIFNEEDED
redirects the output of the command sequence to an output file. Can be removed if not needed.
For macOS, I’d recommend
parameter "theID" = "{id of user of current user}"
parameter "theName" = "{name of user of current user}"
wait launchctl asuser {parameter "theID"} sudo -u {parameter "theName"} bash -c "{{ whoami; } > /tmp/foo "
This solution is largely the same as the above for Linux/UNIX. The macOS-distinguishing bit is launchctl.
launchctl asuser {parameter "theID"}
harnesses macOS launchctl to execute within the ID of the needed user. (Yes, including the sudo.)
Note: BESAgent uses the root user’s default shell, which on macOS is /bin/sh. Thus, if you want a different shell you need to specify it.
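
An added example, not part of any post in this thread: a POSIX sh sketch of the root setup, user step and root cleanup flow asked about above, built around the `sudo -u` form from the last answer. The function names (`valid_target`, `run_as`, `root_job`) and the account name `appuser` are hypothetical, and the script assumes it is started by root, as an action run by BESAgent is.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be started by root.

# valid_target USER: succeed only for an existing non-root account with a plain name.
valid_target() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;    # empty, option-like, or shell metacharacters
    esac
    uid=$(id -u "$1" 2>/dev/null) || return 1   # the account must exist
    [ "$uid" -ne 0 ]                            # a uid 0 account is not a privilege drop
}

# run_as USER CMD [ARG...]: run CMD as USER and return its exit status.
# CMD and ARGs travel as argv, never spliced into a "bash -c" string.
run_as() {
    target=$1; shift
    valid_target "$target" || { echo "refusing target user: $target" >&2; return 64; }
    [ "$(id -u)" -eq 0 ] || { echo "run_as must be called by root" >&2; return 77; }
    sudo -n -u "$target" -- "$@"
}

# root_job USER CMD [ARG...]: root setup, user step, root cleanup.
root_job() {
    work=$(mktemp -d) || return 1   # stand-in for the root-only setup
    rc=0
    run_as "$@" || rc=$?            # user step; keep its status instead of aborting
    rm -rf "$work"                  # root cleanup runs whatever the user step returned
    return "$rc"
}

# Example call from a root shell (appuser is a constructed account name):
#   root_job appuser /usr/bin/whoami
```

Passing the command as separate arguments keeps a parameter value such as the user name from being interpreted by a shell, which is the risk when it is substituted into a quoted `bash -c` string.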