From: Andriy Gapon
To: Aristedes Maniatis, freebsd-stable
Subject: Re: Run script as root without sudo
Date: Thu, 19 Aug 2021 11:35:54 +0300
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

On 2021-08-19 11:33, Aristedes Maniatis wrote:
> The man page is very confusing. Yes, it says -c is class.
> But it also has examples like this:
>
>  su -m operator -c 'shutdown -p now'
>
>
> In my testing, this works:
>
> $ su - root -c 'date'
> Thu Aug 19 08:31:53 UTC 2021
>
> and this does not:
>
> $ su - root 'date'
> date: No such file or directory.
>
>
> What is -c supposed to do?

I thought that I answered that question, even before you asked, with the second
quote from the manual page.

>
> On 19/8/21 6:21pm, Andriy Gapon wrote:
>> On 2021-08-19 08:31, Aristedes Maniatis via freebsd-stable wrote:
>>> I've got some scripts which are intended to run on a new EC2 instance
>>> right after it is created. Since the script needs to install packages it
>>> needs to run as root. But because I don't have sudo installed at this
>>> point (it is a brand new instance), I've only got 'su' to get root.
>>>
>>> The script itself is launched over SSH with the ec2-user account and
>>> there is no root password at this point in the startup.
>>>
>>> My first attempt was to put this inside the script itself:
>>>
>>> if [ "$(whoami)" != "root" ]; then
>>>     exec su -c "$0"
>>>     exit 1
>>> fi
>>>
>>>
>>> But su complains that I'm not allowed to execute a command using the -c
>>> option as root.
>> -c option seems to be so confusing for some reason that it should be in
>> some FAQ document.
>>
>>  From the man page:
>>      -c class
>>              Use the settings of the specified login class.  The login class
>>              must be defined in login.conf(5).  Only allowed for the
>>              super-user.
>>
>> You surely thought that it did something else, right?
>>  From the man page again:
>>      If the optional args are provided on the command line, they are passed to
>>      the login shell of the target login.  Note that all command line
>>      arguments before the target login name are processed by su itself,
>>      everything after the target login name gets passed to the login shell.
>>
>>> How else can I get this script running as root remotely in a completely
>>> unattended way?
>>
>

-- 
Andriy Gapon
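
Added example, not part of the original message or of FreeBSD's code: a small shell model of the rule quoted from the man page, showing which words su keeps for itself and which reach the login shell for the command lines in this thread. The helper name `su_split`, the stand-in path `./setup.sh` for `"$0"`, and the synopsis `su [-] [-c class] [-flms] [login [args]]` are assumptions; the helper never runs su.

```shell
#!/bin/sh
# Simplified model (assumption) of how FreeBSD su(1) divides its command line:
# options before the target login belong to su, everything after the login
# name is handed to the login shell. su_split is a hypothetical helper.
su_split() {
    class="" login=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -c)  # before the login name, -c takes a login class
                if [ $# -lt 2 ]; then
                    echo "error: -c requires a class" >&2; return 2
                fi
                class="$2"; shift 2 ;;
            -|-[flms])  # flags consumed by su itself
                shift ;;
            -*)  # anything else starting with '-' is not modelled here
                echo "error: unknown option $1" >&2; return 2 ;;
            *)   # first non-option word is the target login
                login="$1"; shift; break ;;
        esac
    done
    [ -n "$login" ] || login="root"   # no login given: su targets root
    # Whatever is left in "$@" is what the login shell receives.
    printf 'class=%s login=%s shell_args=%s\n' "${class:-none}" "$login" "$*"
}

# Command lines from the thread (constructed calls, nothing is executed as root):
su_split -m operator -c 'shutdown -p now'  # -c goes to operator's shell
su_split - root -c date                    # shell runs: -c date
su_split - root date                       # shell treats "date" as a script file
su_split -c ./setup.sh                     # -c is su's class option, root-only
```

In the last call the script path is parsed as a login class, which su allows only for the super-user, and nothing at all is passed to the shell.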