How do I run a command as a different user from a root cronjob?
Solution 1
su --shell=/bin/bash --session-command="/path/to/command -argument=something" username &
Works for me (CentOS)
Solution 2
Use su instead of sudo:
su -c "rsync ..." apache
Solution 3
By default on RHEL, sudo isn't allowed for processes without a terminal (tty). That's set in /etc/sudoers.
You can allow tty-less sudo for particular users with these instructions:
https://serverfault.com/questions/111064/sudoers-how-to-disable-requiretty-per-user
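To see which requiretty setting would apply before relying on sudo from cron, here is an added example (not part of the original answers) that reads a sudoers-format file and reports the effective value for the user who invokes sudo, which is root for a root cron job. The names requiretty_for and write_sample and the sample file are assumptions made for illustration, and the parsing is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Added example: simplified reader for the requiretty setting in a sudoers-format file.
# Assumptions: only "Defaults" and "Defaults:<user>" lines are considered, later
# entries override earlier ones, and aliases, include directives and
# host/runas/command-scoped Defaults are ignored.

# requiretty_for FILE USER -> prints "on" or "off" for sudo invoked by USER
requiretty_for() {
    awk -v user="$2" '
        BEGIN { state = "off" }              # no requiretty entry means no tty needed
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            scope = $1
            if (scope != "Defaults" && scope != ("Defaults:" user)) next
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the scope word
            n = split(line, opts, ",")               # comma-separated option list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])
                if (opts[i] == "requiretty")  state = "on"
                if (opts[i] == "!requiretty") state = "off"
            }
        }
        END { print state }
    ' "$1"
}

# Constructed sample in the style of a RHEL sudoers file with a per-user override.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Defaults    requiretty
Defaults    !visiblepw
Defaults:root    !requiretty
root    ALL=(ALL)    ALL
EOF
}

sample=$(mktemp)
write_sample "$sample"
for u in root backup; do
    printf '%s: requiretty %s\n' "$u" "$(requiretty_for "$sample" "$u")"
done
rm -f "$sample"
```

On a real host, run requiretty_for as root against /etc/sudoers, and make any change to that file through visudo.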
Solution 4
If you want to permanently enable you to fiddle around as apache:
chsh apache
This allows you to change the shell for the user.
Solution 5
Place it in /etc/crontab and specify apache instead of root in the user field.
rob
Updated on July 09, 2022
Comments
-
rob almost 2 years
I seem to be stuck between an NFS limitation and a Cron limitation.
So I've got root cron (on RHEL5) running a shell script that, among other things, needs to rsync some files over an NFS mount. And the files on the NFS mount are owned by the apache user with mode 700, so only the apache user can run the rsync command -- running as root yields a permission error (NFS being a rare case, apparently, where the root user is not all-powerful?)
When I just want to run the rsync by hand, I can use "sudo -u apache rsync ..." But sudo no workie in cron -- it says "sudo: sorry, you must have a tty to run sudo".
I don't want to run the whole script as apache (i.e. from apache's crontab) because other parts of the script do require root -- it's just that one command that needs to run as apache. And I would really prefer not to change the mode on the files, as that will involve significant changes to other applications.
There's gotta be a way to accomplish "sudo -u apache" from cron??
thanks! rob
-
Robert Deml almost 15 years
Might be better served by moving this to SuperUser.com.
-
BryKKan over 6 years
This is an old question, but still found it pretty high in search ranks, and none of the answers address why root permissions didn't apply to the NFS mount. For anyone else stumbling on this, the reason is root_squash. This blog has a pretty decent explanation for why that option is necessary and usually set by default. fullyautolinux.blogspot.com/2015/11/…
-
rob almost 15 years
Yes! But no. The apache user does not have a regular login shell, so the su -c syntax only returns "This account is currently not available". And altering the apache user's passwd entry for this purpose seems like a bad idea. Hm, I guess this question should be titled "How do I run a command as the apache user from a root cronjob?" And maybe it can't be done without introducing security holes?
-
Jukka Matilainen almost 15 years
Does it help if you explicitly specify the shell to be used with the -s switch (for example -s /bin/sh)? At least on Ubuntu this seems to help if the user in question does not have a valid shell in /etc/passwd.
-
Steve Tauber almost 12 years
I had to add export TERM=xterm; before my command inside the --session-command variable. Thus, I ended up with
su --shell=/bin/bash --session-command="export TERM=xterm; /path/to/command -argument=something" username &
-
Lambart over 10 years
Does not work on Ubuntu (12.04) as the su command doesn't support the --session-command option.
-
NoelProf over 10 years
To clarify the answer, in root's crontab, add the
su --shell=/bin/bash --session-command="/path/to/command -argument=something" username