Date: Sun, 22 Aug 2021 11:26:15 +1000 From: Aristedes Maniatis via freebsd-stable <freebsd-stable@freebsd.org> To: Jonathan Chen <jonc@chen.org.nz> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: Run script as root without sudo Message-ID: <c0876c22-a134-ecc2-698a-2a08c6264372@ish.com.au> In-Reply-To: <CAJuc1zMr9f8MvCgCUXeXPVTGt5fQbcnZP8VPQrCPU8SdJtneCw@mail.gmail.com> References: <a7d48318-6b21-231e-1042-2d2daad72c50@ish.com.au> <CAJuc1zP_xLCz-SP4yvr2_m4zKFWVxBdDfMXBtjXSpaD=N=O6WA@mail.gmail.com> <f163070a-03a8-7b37-e2e8-7e6c3d3169d8@ish.com.au> <CAJuc1zMr9f8MvCgCUXeXPVTGt5fQbcnZP8VPQrCPU8SdJtneCw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
My goal is to use standard AMI so that upgrading to new FreeBSD releases is easy without a manual process to build a new custom AMI each time. I've submitted a patch to saltstack which allows the bootstrap process to work without sudo on a clean FreeBSD AMI. On Linux the bootstrap script is run with sudo and obviously that doesn't work on a fresh FreeBSD install. https://github.com/saltstack/salt-bootstrap/pull/1581 Thanks for everyone's help, especially Andriy who pointed out that I was missing the fundamental difference between: $ su - -c bootstrap.sh $ su -l root -c bootstrap.sh The first one uses the fact that root is the default, but then -c is an su command which specifies the user class and so will fail. The second actually passes "-c bootstrap.sh" to the shell because an explicit username effectively ends the 'su' command and everything after passed to the shell. On Linux, the -c is an su command which passes the next param to the shell so the -c is never itself passed to the shell and so both variations work over there although inn fundamentally different ways. I just hope that in 5 years from now I can find this mailing list post when I completely forgot the whole thing and can't figure how to make it work... Ari On 19/8/21 4:34pm, Jonathan Chen wrote: > On Thu, 19 Aug 2021 at 18:25, Aristedes Maniatis <ari@ish.com.au> wrote: >> That would require root to put the file there and then to reboot the >> machine. > In which case, wouldn't it be simpler to just start a new instance, > install your packages by hand, and then take a snapshot of the volume > and convert it to a custom AMI instead? That way all new instances > from your custom AMI will be preconfigured with the required packages. > > Cheers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c0876c22-a134-ecc2-698a-2a08c6264372>