From: Andriy Gapon
To: ari@ish.com.au, freebsd-stable
Subject: Re: Run script as root without sudo
Date: Thu, 19 Aug 2021 11:21:04 +0300

On 2021-08-19 08:31, Aristedes Maniatis via freebsd-stable wrote:
> I've got some scripts which are intended to run on a new EC2 instance
> right after it is created. Since the script needs to install packages it
> needs to run as root. But because I don't have sudo installed at this
> point (it is a brand new instance), I've only got 'su' to get root.
>
> The script itself is launched over SSH with the ec2-user account and
> there is no root password at this point in the startup.
>
> My first attempt was to put this inside the script itself:
>
> if [ "$(whoami)" != "root" ]; then
>     exec su -c "$0"
>     exit 1
> fi
>
> But su complains that I'm not allowed to execute a command using the -c
> option as root.

-c option seems to be so confusing for some reason that it should be in some FAQ
document.

From the man page:
     -c class
             Use the settings of the specified login class.  The login class
             must be defined in login.conf(5).  Only allowed for the
             super-user.

You surely thought that it did something else, right?

From the man page again:
     If the optional args are provided on the command line, they are passed to
     the login shell of the target login.  Note that all command line
     arguments before the target login name are processed by su itself,
     everything after the target login name gets passed to the login shell.

> How else can I get this script running as root remotely in a completely
> unattended way?

-- 
Andriy Gapon
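
An added sketch, not part of the original message and not su's own source: a shell function that models the argument split described in the quoted man page text, assuming the FreeBSD synopsis `su [-] [-c class] [-flms] [login [args]]`. The function name `su_split` and the path `/tmp/setup.sh` are hypothetical.

```shell
#!/bin/sh
# Added illustration (not su(1) source). Models how FreeBSD su divides its
# command line: options before the login name belong to su itself, anything
# after the login name is passed to the target login's shell.
# su_split ARGS... prints "class=<c> login=<l> shell_args=<rest>".
su_split() {
    class="" OPTIND=1
    while getopts "c:flms" opt; do
        case "$opt" in
            c) class="$OPTARG" ;;   # before the login name: a login class
            f|l|m|s) ;;             # other su flags, not relevant here
            *) return 2 ;;          # unknown option
        esac
    done
    shift $((OPTIND - 1))
    [ "${1:-}" = "-" ] && shift     # a bare "-" is the same as -l
    login="${1:-root}"              # no login given: su targets root
    [ $# -gt 0 ] && shift
    # Whatever remains is handed to the login shell untouched.
    printf 'class=%s login=%s shell_args=%s\n' "$class" "$login" "$*"
}

# Constructed inputs: the call from the quoted script, then the same
# command with -c placed after the login name.
su_split -c /tmp/setup.sh
su_split root -c /tmp/setup.sh
```

In the first call the script path is consumed as a login class name and nothing reaches the shell; in the second, `-c /tmp/setup.sh` is what the root login shell receives.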