Date: Thu, 19 Aug 2021 11:35:54 +0300 From: Andriy Gapon <avg@FreeBSD.org> To: Aristedes Maniatis <ari@ish.com.au>, freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: Run script as root without sudo Message-ID: <c4ba9ddf-bf65-be5f-ca80-981b9aa16029@FreeBSD.org> In-Reply-To: <a8ad228c-2123-1409-3b68-843eb6a79980@ish.com.au> References: <a7d48318-6b21-231e-1042-2d2daad72c50@ish.com.au> <50738b08-8179-46d6-24fe-b2674e4f6c67@FreeBSD.org> <a8ad228c-2123-1409-3b68-843eb6a79980@ish.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2021-08-19 11:33, Aristedes Maniatis wrote: > The man page is very confusing. Yes, it says -c is class. But it also > has examples like this: > > su -m operator -c 'shutdown -p now' > > > > In my testing, this works: > > $ su - root -c 'date' > Thu Aug 19 08:31:53 UTC 2021 > > and this does not: > > $ su - root 'date' > date: No such file or directory. > > > What is -c supposed to do? I thought that I answered that question, even before you asked, with the second quote from the manual page. > > On 19/8/21 6:21pm, Andriy Gapon wrote: >> On 2021-08-19 08:31, Aristedes Maniatis via freebsd-stable wrote: >>> I've got some scripts which are intended to run on a new EC2 instance >>> right after it is created. Since the script needs to install packages it >>> need to run as root. But because I don't have sudo installed at this >>> point (it is a brand new instance), I've only got 'su' to get root. >>> >>> The script itself is launched over SSH with the ec2-user account and >>> there is no root password at this point in the startup. >>> >>> My first attempt was to put this inside the script itself: >>> >>> if ["$($whoami)" !="root" ];thenexec su -c"$0" exit1 fi >>> >>> >>> But su complains that I'm not allowed to execute a command using the -c >>> option as root. >> -c option seems to be so confusing for some reason that it should bein >> some FAQ document. >> >> From the man page: >> -c class >> Use the settings of the specified login class. The >> login class >> must be defined in login.conf(5). Only allowed for the >> super- >> user. >> >> You surely though that it did something else, right? >> From the man page again: >> If the optional args are provided on the command line, they are >> passed to >> the login shell of the target login. Note that all command line >> arguments before the target login name are processed by su itself, >> everything after the target login name gets passed to the login >> shell. >> >>> How else can I get this script running as root remotely in a completely >>> unattended way? >> > -- Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c4ba9ddf-bf65-be5f-ca80-981b9aa16029>