run script as another user from a root script with no tty stdin

Posted by viktor tron on Server Fault See other posts from Server Fault or by viktor tron
Published on 2012-06-08T19:17:34Z Indexed on 2012/06/09 4:42 UTC
Read the original article Hit count: 651

Filed under:
|
|
|
|

Using CentOs, I want to run a script as user 'training' as a system service. I use daemontools to monitor the process, which needs a launcher script that is run as root and has no tty standard in.

Below I give my four different attempts which all fail.

  1. :

    #!/bin/bash
    exec >> /var/log/training_service.log 2>&1
    setuidgid training training_command
    

    This last line is not good enough since for training_command, we need environment for trqaining user to be set.

  2. :

    su - training -c 'training_command' 
    

    This looks like it (http://serverfault.com/questions/44400/run-a-shell-script-as-a-different-user) but gives 'standard in must be tty' as su making sure tty is present to potentially accept password. I know I could make this disappear by modifying /etc/sudoers (a la http://superuser.com/questions/119376/bash-su-script-giving-an-error-standard-in-must-be-a-tty) but i am reluctant and unsure of consequences.

  3. :

    runuser - training -c 'training_command'  
    

    This one gives runuser: cannot set groups: Connection refused. I found no sense or resolution to this error.

  4. :

    ssh -p100 training@localhost 'source $HOME/.bashrc; training_command'
    

    This one is more of a joke to show desparation. Even this one fails with Host key verification failed. (the host key IS in known_hosts, etc).

Note: all of 2,3,4 work as they should if I run the wrapper script from a root shell. problems only occur if the system service monitor (daemontools) launches it (no tty terminal I guess).

I am stuck. Is this something so hard to achieve?

I appreciate all insight and guidance to best practice.

(this has also been posted on superuser: http://superuser.com/questions/434235/script-calling-script-as-other-user)

© Server Fault or respective owner

Related posts about linux

Related posts about centos