| 1 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 2 |
DENIED
|
moderate
|
Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
} |
|
Show voter details
|
| 3 |
DENIED
|
edit
|
Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
} |
|
Show voter details
|
| 4 |
DENIED
|
moderate
|
Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
} |
|
Show voter details
|
| 5 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 6 |
DENIED
|
moderate
|
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
} |
|
Show voter details
|
| 7 |
DENIED
|
edit
|
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
} |
|
Show voter details
|
| 8 |
DENIED
|
moderate
|
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
} |
|
Show voter details
|
| 9 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 10 |
DENIED
|
moderate
|
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
} |
|
Show voter details
|
| 11 |
DENIED
|
edit
|
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
} |
|
Show voter details
|
| 12 |
DENIED
|
moderate
|
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
} |
|
Show voter details
|
| 13 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 14 |
DENIED
|
moderate
|
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
} |
|
Show voter details
|
| 15 |
DENIED
|
edit
|
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
} |
|
Show voter details
|
| 16 |
DENIED
|
moderate
|
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
}
App\Entity\PostComment {#1582}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
} |
|
Show voter details
|
| 17 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 18 |
DENIED
|
moderate
|
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
} |
|
Show voter details
|
| 19 |
DENIED
|
edit
|
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
} |
|
Show voter details
|
| 20 |
DENIED
|
moderate
|
App\Entity\PostComment {#1465
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451
+user: Proxies\__CG__\App\Entity\User {#2471 …}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+image: null
+slug: "Run-command-as-not-root-Hi-everyone-At-work-I-have"
+body: """
Run command as not-root\n
\n
Hi everyone\n
\n
At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose "sudo -u" is not an option.\n
\n
Does anyone know how to do it? Thanks in advance!\n
\n
@linux@lemmy.ml
"""
+lang: "en"
+commentCount: 30
+favouriteCount: 36
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1699069034 {#2653
date: 2023-11-04 04:37:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
]
+comments: Doctrine\ORM\PersistentCollection {#2654 …}
+votes: Doctrine\ORM\PersistentCollection {#2663 …}
+reports: Doctrine\ORM\PersistentCollection {#2665 …}
+favourites: Doctrine\ORM\PersistentCollection {#2697 …}
+notifications: Doctrine\ORM\PersistentCollection {#2693 …}
+children: [
App\Entity\PostComment {#1465}
App\Entity\PostComment {#1582
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: "Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break."
+lang: "en"
+favouriteCount: 3
+score: 0
+lastActive: DateTime @1698955906 {#1637
date: 2023-11-02 21:11:46.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1592 …}
+nested: Doctrine\ORM\PersistentCollection {#1578 …}
+votes: Doctrine\ORM\PersistentCollection {#1577 …}
+reports: Doctrine\ORM\PersistentCollection {#1579 …}
+favourites: Doctrine\ORM\PersistentCollection {#1581 …}
+notifications: Doctrine\ORM\PersistentCollection {#1572 …}
-id: 614
-bodyTs: "'accommod':17 'around':30 'back':46 'break':37,59 'chang':54 'figur':50 'issu':31 'like':32 'make':56 'non':19 'non-root':18 'post':4 'prefer':25 'prone':35 're':45 'read':1 'rebuild':12 'root':20 'script':58 'seem':7 'solut':26 'system':15,40 'tri':27,48 'updated/changed':42 'user':21 'work':29 'would':22"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256607"
+editedAt: null
+createdAt: DateTimeImmutable @1698955906 {#1644
date: 2023-11-02 21:11:46.0 +01:00
}
}
App\Entity\PostComment {#1573
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1589 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.\n
\n
It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.\n
\n
[en.wikipedia.org/wiki/Setuid](https://en.wikipedia.org/wiki/Setuid)\n
\n
[en.wikipedia.org/wiki/User_identifier](https://en.wikipedia.org/wiki/User_identifier)\n
\n
[en.wikipedia.org/wiki/Group_identifier](https://en.wikipedia.org/wiki/Group_identifier)
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698955665 {#1571
date: 2023-11-02 21:07:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1585 …}
+nested: Doctrine\ORM\PersistentCollection {#1551 …}
+votes: Doctrine\ORM\PersistentCollection {#1560 …}
+reports: Doctrine\ORM\PersistentCollection {#1526 …}
+favourites: Doctrine\ORM\PersistentCollection {#1527 …}
+notifications: Doctrine\ORM\PersistentCollection {#1525 …}
-id: 613
-bodyTs: "'/etc/groups':18 '/etc/passwd':16 '/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':86 '/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':80 '/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':83 '0':30,37,51 'account':32 'also':59 'binari':76 'command':45 'creat':34 'en.wikipedia.org':79,82,85 'en.wikipedia.org/wiki/group_identifier](https://en.wikipedia.org/wiki/group_identifier)':84 'en.wikipedia.org/wiki/setuid](https://en.wikipedia.org/wiki/setuid)':78 'en.wikipedia.org/wiki/user_identifier](https://en.wikipedia.org/wiki/user_identifier)':81 'execut':65,77 'group':9 'id':6,10 'linux':1 'map':14 'passwd':23 'possibl':60 'privileg':2,41,56 'root':26,40 'run':43,53 'script':74 'see':21 'set':62 'setuid':67 'specifi':46 'uid':29,36,50 'understand':4 'user':5,27,48,63 'without':54 'won':70 'work':72"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4256522"
+editedAt: DateTimeImmutable @1698955955 {#1424
date: 2023-11-02 21:12:35.0 +01:00
}
+createdAt: DateTimeImmutable @1698955665 {#1635
date: 2023-11-02 21:07:45.0 +01:00
}
}
App\Entity\PostComment {#1564
+user: App\Entity\User {#265 …}
+post: Proxies\__CG__\App\Entity\Post {#1451 …2}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
There’s no way to run a command as another user if that user is not created.\n
\n
[linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)\n
\n
Edit:sudo is also an option but I like runuser for your use-case
"""
+lang: "en"
+favouriteCount: 4
+score: 0
+lastActive: DateTime @1698952814 {#1586
date: 2023-11-02 20:20:14.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1566 …}
+nested: Doctrine\ORM\PersistentCollection {#1562 …}
+votes: Doctrine\ORM\PersistentCollection {#1554 …}
+reports: Doctrine\ORM\PersistentCollection {#1556 …}
+favourites: Doctrine\ORM\PersistentCollection {#1555 …}
+notifications: Doctrine\ORM\PersistentCollection {#1620 …}
-id: 611
-bodyTs: "'/man/1/runuser](https://linux.die.net/man/1/runuser)':20 'also':24 'anoth':10 'case':35 'command':8 'creat':17 'edit':21 'like':29 'linux.die.net':19 'linux.die.net/man/1/runuser](https://linux.die.net/man/1/runuser)':18 'option':26 'run':6 'runus':30 'sudo':22 'use':34 'use-cas':33 'user':11,14 'way':4"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4255538"
+editedAt: DateTimeImmutable @1698953029 {#1587
date: 2023-11-02 20:23:49.0 +01:00
}
+createdAt: DateTimeImmutable @1698952814 {#1575
date: 2023-11-02 20:20:14.0 +01:00
}
}
]
-id: 286
-bodyTs: "'advanc':103 'anyon':95 'aw':19 'block':65 'break':54 'command':2,16,31,73 'disabl':67 'everyon':8 'execut':35,40 'exist':26,81 'hi':7 'instanc':20,24 'know':96 'linux@lemmy.ml':104 'machin':52 'mention':77 'might':53 'mpirun':41 'not-root':4 'option':93 'particular':23 'privileg':38,70 'recommend':45 'root':6,28,37,84 'run':1,14,47,75 'sudo':49,69,88 'suppos':87 'thank':101 'u':89 'user':29,80 'way':63 'wonder':58 'work':10"
+upVotes: 0
+downVotes: 0
+ranking: 1699037071
+visibility: "visible "
+apId: "https://social.vivaldi.net/users/nirogu/statuses/111342431186356628"
+editedAt: null
+createdAt: DateTimeImmutable @1698950671 {#2652
date: 2023-11-02 19:44:31.0 +01:00
}
+__isInitialized__: true
…2
}
+magazine: Proxies\__CG__\App\Entity\Magazine {#1439 …}
+parent: Proxies\__CG__\App\Entity\PostComment {#1433 …}
+root: Proxies\__CG__\App\Entity\PostComment {#1437 …}
+image: null
+body: """
Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94\n
\n
Keep at it!
"""
+lang: "en"
+favouriteCount: 2
+score: 0
+lastActive: DateTime @1698969553 {#1756
date: 2023-11-03 00:59:13.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@linux@lemmy.ml"
"@nirogu@vivaldi.net"
"@Oisteink@feddit.nl"
]
+isAdult: false
+updateMark: false
+children: Doctrine\ORM\PersistentCollection {#1428 …}
+nested: Doctrine\ORM\PersistentCollection {#1441 …}
+votes: Doctrine\ORM\PersistentCollection {#1456 …}
+reports: Doctrine\ORM\PersistentCollection {#1788 …}
+favourites: Doctrine\ORM\PersistentCollection {#1656 …}
+notifications: Doctrine\ORM\PersistentCollection {#1655 …}
-id: 621
-bodyTs: "'94':31 'could':6 'drop':13 'first':27 'innov':3 'instal':28 'keep':32 'lazi':1 'learn':21 'linux':23 'load':17 'possibl':7 'privileg':14 'spark':2 'still':24 'stuff':19 'summer':30 'way':11"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://feddit.nl/comment/4262519"
+editedAt: null
+createdAt: DateTimeImmutable @1698969553 {#1634
date: 2023-11-03 00:59:13.0 +01:00
}
} |
|
Show voter details
|