I have a centos7 base ami and have successfully changed the user name using the ec2-launch user data modified from an amazon-linux script
#!/bin/bash
groupadd ec2-user
usermod -d /home/ec2-user -m -g ec2-user -l ec2-user centos
echo "" | sudo tee -a /etc/sudoers
echo "Defaults:root !requiretty" | sudo tee -a /etc/sudoers
echo "ec2-user ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers
echo "Defaults:ec2-user !requiretty" | sudo tee -a /etc/sudoers
log in works as expected and home directory has been changed, however when I use sudo it still asks for a password. As I cannot get into the file to check format I wonder if I am using the correct syntax?
How do change the user and remove the sudo password requirement in a single script?
I believe your Cloudinit userdata script is failing because it's attempting to use sudo without a tty (and the !requiretty hasn't been added yet). Since that script runs as root anyways, this should work:
#!/bin/bash
groupadd ec2-user
usermod -d /home/ec2-user -m -g ec2-user -l ec2-user centos
echo "" | tee -a /etc/sudoers
echo "Defaults:root !requiretty" | tee -a /etc/sudoers
echo "ec2-user ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
echo "Defaults:ec2-user !requiretty" | tee -a /etc/sudoers
Related
I have a linux system running with several Docker containers. One of them is mosquitto container which runs from mosquitto 1.6.7 docker image.
I do not have control how the Mosquitto container is created as it is given by default from a supplier/client.
I need to make changes in the mosquitto/config/mosquitto.conf file. This is the output when I run ls -l
/mosquitto/config # ls -l
total 4
-rwxrwxr-x 1 nobody nobody 210 May 24 05:35 mosquitto.conf
I tried the codes below to add a comment in the mosquitto.conf, but I am not successful.
/mosquitto/config # echo '#test' | su nobody -c 'tee -a mosquitto.conf'
nologin: this account is not available
/mosquitto/config # echo '#test' | su nobody -s sh -c 'tee -a mosquitto.conf'
su: can't execute 'sh': No such file or directory
/mosquitto/config # echo '#test' | su nobody -s bin/sh -c 'tee -a mosquitto.conf'
su: can't execute 'bin/sh': No such file or directory
/mosquitto/config # echo '#test' | su nobody -s /bin/sh -c 'tee -a mosquitto.conf'
tee: mosquitto.conf: Permission denied
#test
Is it possible to change the mosquitto.conf?
If yes, how? Thanks.
You don't.
You make a copy of it on the host machine, edit there and then mount that edited copy into the container when you start it.
e.g.
docker run -d -v /path/to/local/mosquitto.conf:/mosquitto/config/mosquitto.conf mosquitto
I am running a simple shell script which creates a user and then switches to it so that I can run a bunch of commands as the new user. The script below is ran as the root on a Debian 9 (Stretch) amd64 host and is not showing what I would expect. This is just a test script for me to see what's going on.
#!/bin/sh
adduser karl --gecos "First Last, RoomNumber, WorkPhone, HomePhone" --disabled-password
adduser karl sudo
echo 'karl:password123' | chpasswd
echo 'karl ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/karl
echo
sudo su - karl
whoami # prints root?
echo
echo
sudo -u karl /usr/bin/whoami # prints karl
echo
exit 0
I need to run the following command
xscreensaver -no-splash
as nobody, so I run
sudo -u nobody xscreensaver -no-splash
but I want to direct stdout and stderr to a file in /root
I want something like this
sudo (sudo -u nobody xscreensaver -no-splash) 2>&1 | tee /root/test.log
but that obviously doesn't work. What is the correct way to do this?
Simply run tee also with sudo but as user root:
sudo -u nobody xscreensaver -no-splash 2>&1 | sudo tee /root/test.log
I have a situation that I need to append several lines(ip and hosts) from a file to /etc/hosts.
If I execute the below command
sshpass -p password cat /tmp/hosts |sudo tee -a /etc/hosts
I am getting
sudo: no tty present and no askpass program specified.
Sorry, try again.
sudo: no tty present and no askpass program specified. Sorry, try again.
sudo: no tty present and no askpass program specified. Sorry, try again.
sudo: 3 incorrect password attempts
Any alternatives to this?
How about
sudo -S sh -c 'cat /tmp/hosts >> /etc/hosts' <<< "password"
It's best to contain redirections for sudo within a subshell so that the elevated permissions are applied to opening the destination file.
ref: See https://stackoverflow.com/a/4327123/7552
The error you face comes from the fact that sshpass tries to send the password to cat, not to sudo. Your command line should have, in theory, looked rather like this:
cat /tmp/hosts |sshpass -p password sudo tee -a /etc/hosts
but sshpass does not forward stdin to sudo so this is a dead end. (sudo does forward stdin though that is why something like sudo tee works)
You could do something like this
sshpass -p password sudo echo "Hello"
cat /tmp/hosts | sudo tee -a /etc/hosts
so that the second call to sudo does not require a password.
Another option is to embed the cat and the redirection in a shell script and then just
sshpass -p password sudo ./thescript.sh
Or you can, as #glennjackman wrote, embed the cat and the redirection in a subshell:
sshpass -p password sudo sh -c 'cat /tmp/hosts >> /etc/hosts'
And of course, you can configure sudo to not require passwords.
User x run a script. Now I want to change the user in the script to User y.
#!/bin/sh
whoami
echo password | su y
whoami
But I get this:
x
su: must be run from a terminal
x
Thanks for your help.
This is working for me inside a bash script:
whoami;
sudo su $user << BASH
whoami;
BASH
Su cannot be ran in a Bash script. You can use sudo -u <user> <command> && however.
you can do:
su - $USER -l -m -c $CMD
-l provide an environment similar to the login env
-m preserves the current environment
-c runs the command
e.g. I use this to run nohup commands also
su - $USER -l -m -c "nohup $RUN_CMD > "$LOG" 2>&1 >> /dev/null&"