Run command as not-root

Hi everyone

At work, I have to run a command on an AWS instance. On that particular instance, only the root user exists. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose “sudo -u” is not an option.

Does anyone know how to do it? Thanks in advance!

@linux

  • planish@sh.itjust.works
    11 months ago

    You probably want to run the command as nobody, the special system user who daemons become when they don’t want to have root permissions.

    • nirogu@social.vivaldi.netOP
      11 months ago

      @astray yeah, that could be an option, but if more users exist in that machine then other processes might fail as that instance is part of a bigger cluster that has several processes running. It might not be a big deal, but checking that may still need some work. I’d prefer a way to do it without creating new users, if it exists

  • astraeus@programming.dev
    11 months ago

    There are no other users at all? Seems like a lot of stuff simply wouldn’t work without a single non-root user, not to mention this is a pretty bad security stance considering the only user is the most powerful one.

    If you do have another user on the instance you can su as that other user, nobody for example, from the root account. Run ‘cat /etc/passwd’ and you will see every available user on the instance.
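The approach suggested in the replies above (look in /etc/passwd for an account that is not root, then run the command under it from the root shell), written out as an added example that is not part of any poster's reply. The function names are hypothetical, and it assumes util-linux `setpriv` is installed on the instance:

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print an existing unprivileged account from a passwd-format file:
# "nobody" if present with a non-zero UID, otherwise the first non-zero-UID
# entry. Returns 1 when every account in the file is UID 0.
pick_unprivileged_user() {
    passwd_file=${1:-/etc/passwd}
    awk -F: '
        NF < 3 || $3 == 0 { next }                  # skip junk and UID-0 entries
        $1 == "nobody"    { print $1; found = 1; exit }
        first == ""       { first = $1 }
        END { if (!found) { if (first != "") print first; else exit 1 } }
    ' "$passwd_file"
}

# Run "$@" under that account from a root shell. setpriv switches UID and GID,
# loads the account's supplementary groups, and sets no_new_privs so setuid
# binaries cannot give root back to the child process.
run_unprivileged() {
    user=$(pick_unprivileged_user /etc/passwd) || {
        echo "no non-root account in /etc/passwd" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "not root; nothing to drop" >&2; return 2; }
    setpriv --reuid="$user" --regid="$(id -g "$user")" \
            --init-groups --no-new-privs -- "$@"
}

# Demo on a constructed passwd file (sample data, not from a real host).
sample=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin' > "$sample"
echo "would run as: $(pick_unprivileged_user "$sample")"
rm -f "$sample"

# From the root shell, confirm the drop before running the real command:
#   run_unprivileged id
```
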

  • nirogu@social.vivaldi.netOP
    11 months ago

    Forgot to mention that creating a new user brings a lot of problems because of how that machine is configured and all the tools that would need to be added to the new user’s permissions. In theory it would eventually work after some time working on it, but I’d like to know if there’s a way to do it without creating users (or if it’s impossible, so I can just go on with that only option)
    @linux

    • Rustmilian@lemmy.world
      11 months ago

      You can run commands as the new user from the root account.
      su -c 'command' username
      Enter the password for the new user when prompted.
      This way at least the main account is still root and the command is being run without root privileges on the new user's account.

    • nirogu@social.vivaldi.netOP
      11 months ago

      @ursakhiin honestly, didn’t consider it. Just checked and the “docker” command doesn’t even exist so I assume that is not the case. Do you know if there is any other way I can be certain?

      • ursakhiin@beehaw.org
        11 months ago

        Well, the docker command wouldn’t exist inside of a container. You could use uname to check the system info.

        How is it you don’t know this information about a system you’ve connected to?

        • nirogu@social.vivaldi.netOP
          11 months ago

          @ursakhiin honestly, I didn’t even know an AWS instance could be a docker image. Everything I did was creating the instance normally so I assumed it was just a regular VM. But I already double-checked and it is not a docker image, so no problem there 🙂