Date: Thu, 19 Aug 2021 11:21:04 +0300 From: Andriy Gapon <avg@FreeBSD.org> To: ari@ish.com.au, freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: Run script as root without sudo Message-ID: <50738b08-8179-46d6-24fe-b2674e4f6c67@FreeBSD.org> In-Reply-To: <a7d48318-6b21-231e-1042-2d2daad72c50@ish.com.au> References: <a7d48318-6b21-231e-1042-2d2daad72c50@ish.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2021-08-19 08:31, Aristedes Maniatis via freebsd-stable wrote:
> I've got some scripts which are intended to run on a new EC2 instance
> right after it is created. Since the script needs to install packages it
> need to run as root. But because I don't have sudo installed at this
> point (it is a brand new instance), I've only got 'su' to get root.
>
> The script itself is launched over SSH with the ec2-user account and
> there is no root password at this point in the startup.
>
> My first attempt was to put this inside the script itself:
>
> if ["$($whoami)" !="root" ];thenexec su -c"$0" exit1 fi
>
>
> But su complains that I'm not allowed to execute a command using the -c
> option as root.
-c option seems to be so confusing for some reason that it should bein
some FAQ document.
>From the man page:
-c class
Use the settings of the specified login class. The login class
must be defined in login.conf(5). Only allowed for the super-
user.
You surely though that it did something else, right?
>From the man page again:
If the optional args are provided on the command line, they are
passed to
the login shell of the target login. Note that all command line
arguments before the target login name are processed by su itself,
everything after the target login name gets passed to the login shell.
> How else can I get this script running as root remotely in a completely
> unattended way?
--
Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50738b08-8179-46d6-24fe-b2674e4f6c67>