How to run script on AWS Cloud Formation startup as a different user?


su doesn't change the user for the remainder of the script; it starts a new interactive shell for the user you specify. In a non-interactive context like your script here, that shell exits immediately because there is nothing for it to do.

See this question for some suggestions on how to change user for a series of commands. Alternatively, for individual commands you can do sudo -u ubuntu [...].

Author by

Phil


Updated on June 13, 2022
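A user-data script built on the answer's point, as an added example that is not part of the original answer: root work stays in the calling shell, and each unprivileged step is piped to a child shell owned by the target user. The names `run_as` and `TARGET_USER` are hypothetical, and the script assumes `sudo` is installed and the `ubuntu` account exists, as the question describes.

```shell
#!/bin/bash
# Added example (not from the original page): user-data runs as root, so each
# unprivileged step is handed to a child shell owned by the target user.

# run_as USER: execute the script read from stdin as USER.
# The calling shell never changes identity; only the child process does.
run_as() {
  local user=$1 target_uid
  target_uid=$(id -u "$user" 2>/dev/null) || {
    echo "run_as: no such user: $user" >&2
    return 1
  }
  if [ "$target_uid" -eq "$(id -u)" ]; then
    bash -s                        # already running as the target user
  elif [ "$(id -u)" -eq 0 ]; then
    sudo -H -u "$user" bash -s     # root: child shell as USER, HOME set to theirs
  else
    echo "run_as: must be root to switch to $user" >&2
    return 1
  fi
}

# Assumption: 'ubuntu' is the unprivileged account, as in the question.
TARGET_USER="${TARGET_USER:-ubuntu}"

# Root-only work would go here, before dropping privileges.

# Runs only in the user-data situation (root, target account present).
if [ "$(id -u)" -eq 0 ] && id -u "$TARGET_USER" >/dev/null 2>&1; then
  # Quoted 'EOF': $HOME and friends expand in the child shell, not in root's.
  run_as "$TARGET_USER" <<'EOF' || echo "user-data: step as $TARGET_USER failed" >&2
set -eu
umask 077                 # files created below are private to the user
cd "$HOME"
id -un > who.txt          # contains the target user name, not 'root'
EOF
fi
```

The exit status of the piped script is returned by `run_as`, so a failed unprivileged step can be logged or can abort the boot script instead of passing silently.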

Comments

  • Phil
    Phil almost 2 years

    I am having a lot of trouble launching an AWS Ubuntu instance (from a Cloud Formation template) and successfully running a script on startup. This script does run, but I do not want it running as root. I want the script to either be invoked as a different user or when the script runs for the script to change user.

    Since we are attempting to use Cloud Formation, I need to put the script or a reference to the script in my Template file. The relevant part of my template file is below. The script 'myScript.sh' does run, but always as root.

    "MyImage" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
            "ImageId" : "xxxxxx",
            "KeyName" : "xxxxxx",
            "SecurityGroups" : [ "xxxxxx" ],
            "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
                "#include\n",
                "https://s3-eu-west-1.amazonaws.com/aFolder/myScript.sh \n"
            ] ] } }
        }
    }

    From the URL: http://alestic.com/2009/06/ec2-user-data-scripts it states that these scripts always run as root. So instead I decided to modify the script to change the user. Below is an example script that does not do what I want. I've commented it inline to explain what each stage does:

    #!/bin/bash
    
    whoami > /home/ubuntu/who1.txt    # Always returns 'root'
    su ubuntu                         # Appears to have no effect. Ubuntu user does exist
    whoami > /home/ubuntu/who2.txt    # Always returns 'root'
    
    su ubuntu echo fish > /home/ubuntu/aFile.txt  # File is not created
    
    sudo -u ubuntu bash               # Appears to have no effect
    whoami > /home/ubuntu/who3.txt    # Always returns 'root'
    

    I'm guessing that there's something fundamentally wrong with my script, but I just can't see it! Has anyone got any experience with AWS and Cloud Formation and have you succeeded in running a script not as root? I really don't want the script running as root since the activities that are going to be started should not be owned at the root level.

    Thanks, Phil

  • Phil
    Phil almost 11 years
    Thanks for explaining that to me and the link is useful too. sudo -u ubuntu [...] worked as well. Thanks.
  • AJB
    AJB over 9 years
    Holy jumpin'. I looked for this for hours today and finally found something that works. Thank you a million times. Why doesn't AWS provide this information in their docs?
  • Nic3500
    Nic3500 over 6 years
    Please explain to the user the difference, why is it better than what he did (or what was his mistake)?