Forum: CFEngine Help Subject: Re: commands with setuid environment Author: sauer Link to topic: https://cfengine.com/forum/read.php?3,23529,23542#msg-23542
You need to add a bare - (or, alternatively, -l also works on some platforms) to the su command to get it to source the user's login files (ie, run in a login shell) before executing the command. Because of screwy quoting rules with su and the -c option (ie, -c expects one arg, so you have to quote the whole command, which means quoted args to the command need nested quotes), I personally prefer to use sudo with the -l option to run commands as other users. In my eyes, it just seems more clean to run sudo -u destusr -l /path/to/command arg1 arg2 than su destuser - -c '/path/to/command arg1 arg2' With that said, I've not tried either in Cfengine. But I've done both a *lot* in other scripts, so I see little reason that it'd be a problem here. :) The drawback with sudo, of course, is that you need sudoers set up to allow you to run the command. It may or may not allow root to run commands by default on your environment. _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
