Re: Run script as root without sudo

Reply: Aristedes Maniatis via freebsd-stable : "Re: Run script as root without sudo"
In reply to: Aristedes Maniatis via freebsd-stable : "Re: Run script as root without sudo"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andriy Gapon <avg_at_FreeBSD.org>
Date: Thu, 19 Aug 2021 08:35:54 UTC

On 2021-08-19 11:33, Aristedes Maniatis wrote:
> The man page is very confusing. Yes, it says -c is class. But it also
> has examples like this:
> 
>  su -m operator -c 'shutdown -p now'
> 
> 
> 
> In my testing, this works:
> 
> $ su - root -c 'date'
> Thu Aug 19 08:31:53 UTC 2021
> 
> and this does not:
> 
> $ su - root 'date'
> date: No such file or directory.
> 
> 
> What is -c supposed to do?

I thought that I answered that question, even before you asked, with the
second quote from the manual page.

> 
> On 19/8/21 6:21pm, Andriy Gapon wrote:
>> On 2021-08-19 08:31, Aristedes Maniatis via freebsd-stable wrote:
>>> I've got some scripts which are intended to run on a new EC2 instance
>>> right after it is created. Since the script needs to install packages it
>>> need to run as root. But because I don't have sudo installed at this
>>> point (it is a brand new instance), I've only got 'su' to get root.
>>>
>>> The script itself is launched over SSH with the ec2-user account and
>>> there is no root password at this point in the startup.
>>>
>>> My first attempt was to put this inside the script itself:
>>>
>>> if ["$($whoami)" !="root" ];thenexec su -c"$0" exit1 fi
>>>
>>>
>>> But su complains that I'm not allowed to execute a command using the -c
>>> option as root.
>> -c option seems to be so confusing for some reason that it should bein
>> some FAQ document.
>>
>>  From the man page:
>>       -c class
>>               Use the settings of the specified login class.  The
>> login class
>>               must be defined in login.conf(5).  Only allowed for the
>> super-
>>               user.
>>
>> You surely though that it did something else, right?
>>  From the man page again:
>>       If the optional args are provided on the command line, they are
>> passed to
>>       the login shell of the target login.  Note that all command line
>>       arguments before the target login name are processed by su itself,
>>       everything after the target login name gets passed to the login
>> shell.
>>
>>> How else can I get this script running as root remotely in a completely
>>> unattended way?
>>
> 


-- 
Andriy Gapon