如何以与根 cronjob 不同的用户身份运行命令?
我似乎陷入了 NFS 限制和 Cron 限制之间。
因此,我让 root cron(在 RHEL5 上)运行一个 shell 脚本,除其他外,该脚本还需要通过 NFS 安装 rsync 一些文件。 NFS 挂载上的文件由模式 700 的 apache 用户拥有,因此只有 apache 用户可以运行 rsync 命令——以 root 身份运行会产生权限错误(显然,NFS 是一种罕见的情况,其中 root 用户是不是全能的?)
当我只想手动运行 rsync 时,我可以使用“sudo -u apache rsync ...”但是 sudo no workie in cron - 它说“sudo:抱歉,你必须有一个 tty”运行 sudo”。
我不想将整个脚本作为 apache 运行(即从 apache 的 crontab 运行),因为脚本的其他部分确实需要 root——这只是需要作为 apache 运行的一个命令。我真的不想更改文件的模式,因为这将涉及对其他应用程序的重大更改。
必须有一种方法可以从 cron 完成“sudo -u apache”?
谢谢! 抢
I seem to be stuck between an NFS limitation and a Cron limitation.
So I've got root cron (on RHEL5) running a shell script that, among other things, needs to rsync some files over an NFS mount. And the files on the NFS mount are owned by the apache user with mode 700, so only the apache user can run the rsync command -- running as root yields a permission error (NFS being a rare case, apparently, where the root user is not all-powerful?)
When I just want to run the rsync by hand, I can use "sudo -u apache rsync ..." But sudo no workie in cron -- it says "sudo: sorry, you must have a tty to run sudo".
I don't want to run the whole script as apache (i.e. from apache's crontab) because other parts of the script do require root -- it's just that one command that needs to run as apache. And I would really prefer not to change the mode on the files, as that will involve significant changes to other applications.
There's gotta be a way to accomplish "sudo -u apache" from cron??
thanks!
rob
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
su --shell=/bin/bash --session-command="/path/to/command -argument=something" 用户名 &
对我有用(CentOS)
su --shell=/bin/bash --session-command="/path/to/command -argument=something" username &
Works for me (CentOS)
使用
su而不是sudo:Use
suinstead ofsudo:默认情况下,在 RHEL 上,没有终端 (tty) 的进程不允许使用
sudo。这是在/etc/sudoers中设置的。您可以使用以下说明为特定用户允许无 tty
sudo:https://serverfault.com/questions/111064/sudoers-how-to-disable-requiretty-per-user
By default on RHEL,
sudoisn't allowed for processes without a terminal (tty). That's set in/etc/sudoers.You can allow tty-less
sudofor particular users with these instructions:https://serverfault.com/questions/111064/sudoers-how-to-disable-requiretty-per-user
如果你想永久地让你以 apache 的身份摆弄:
这允许你更改用户的 shell
If you want to permanently enable you to fiddle around as apache:
this allows you to change the shell for the user
将其放在 /etc/crontab 中并在用户字段中指定 apache 而不是 root
place it in /etc/crontab and specify apache instead of root in the user field