Running commands as normal user

Similar Messages

• Rc.local, run command as regular user?

  I want to run a command at startup that can't safely be run as root (and I don't want it to be anyway).  The only way I know of to execute a command at startup is rc.local, but that will run the command as root.  I know sudo can be used to run commands as other users.  If I use sudo to change what user the startup command is running as, will that be safe?  In other words, will that effectively make it as if it was being run by a regular user instead of root?  Or is there a better way of doing this?  Thanks.

  You can also put it in your .bashrc, so it will be executed every time you log in. For example, I have it set to mount my external disc if it's plugged but not mounted:
  if [[ -r /dev/disk/by-label/disco-externo && `mount | grep disco-externo | wc -l` -eq 0 ]]
  then
  sudo mount /dev/disk/by-label/disco-externo /mnt/disco-externo
  fi
  If you put the sudo away you can start any command as a regular user under certain circumstances.

• Running sbin commands as normal user

  Here's the problem: I would like to run rc.d to start/restart/stop daemons as a normal user.
  I ran into two possible workarounds:
  1. Sudoers file
  I've setup sudoers file to not ask for the password with:
  myuser ALL = NOPASSWD: /sbin/rc.d
  That of course still force me to write sudo before rc.d to start/restart/stop a daemon. Next step could be to create an alias like alias rc.d='sudo rc.d'.
  2. Permissions
  Another way would be to change the permissions of the command so It can be ran by "all" or a specific group.
  Maybe I'm just crazy, but all these workarounds look a bit "dirty" to me, so I was wondering if someone else knows a different approach to this issue :).

  SS4 wrote:
  pablox wrote:
  Btw, I just found that even when sudo -l shows me:
  User myuser may run the following commands on this host:
      (root) NOPASSWD: ALL
      (ALL) ALL
  It still asks for my password when I ran an app through sudo, any clue of what would be happening?
  That's just saying that you're allowed to use sudo, not that you can use it without a password.
  For example when I run sudo -l
  User me may run the following commands on this host:
  (ALL) ALL
  (ALL) ALL
  (root) NOPASSWD: /usr/bin/pacman, (root) /usr/bin/pacdiffviewer, (root) /usr/bin/make, (root) /sbin/shutdown, (root) /usr/sbin/hddtemp, (root) /usr/bin/pacman-color, (root) /usr/sbin/pm-suspend
  From my limited understanding (root) means that I become root user
  AFAIK our configurations are almost the same, except from the fact that I have configured it to supposedly not ask for the password for every command and in your case of the commands listed there.
  If you ran pacman with sudo, it asks your password?

• Run SunOne using normal user

  Hi, I have installed SunOne AppSvr7 on UNIX Server (SunOS) on my own directory "/export/home/SUNWappsvr7".
  I have installed the software using root permission.
  I can start and stop the app-server using root with no problem.
  However, I need to run/operate the app-server with user which does not have root permission.
  I do a chown to user with no root permission on the following directory:
  - <install_config_dir>: /export/home/SUNWappsvr7/config
  - /export/home/SUNWappsvr7/var <-- this contains the domains directory
  - /export/home/SUNWappsvr7/bin
  The error message that i get from the server.log file is as follows:
  [25/Mar/2003:09:19:06] INFO ( 3947): CORE1116: Sun ONE Application Server 7.0
  [25/Mar/2003:09:19:16] INFO ( 3948): CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.0_02] from [Sun Microsystems Inc.]
  [25/Mar/2003:09:19:29] INFO ( 3948): JMS5029: Successfully attached to an existing Message Queue broker. Instance Name = TowerDomain_TowerInst
  [25/Mar/2003:09:19:48] INFO ( 3948): JTS5014: Recoverable JTS instance, serverId = [100]
  [25/Mar/2003:09:19:51] INFO ( 3948): RAR5060: Install JDBC Datasources ...
  [25/Mar/2003:09:19:52] INFO ( 3948): JMS5015: Install JMS resources ...
  [25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3127: HTTP listener http-listener-1 [http://suntest11:88]: Error creating socket (Permission denied)
  [25/Mar/2003:09:20:03] SEVERE ( 3948): HTTP3094: 1 HTTP listener socket(s) could not be created
  [25/Mar/2003:09:20:03] SEVERE ( 3948): CORE3186: Failed to set configuration
  Is there any special configurations or any other required steps to get Appserver running with no root permission?
  If anyone could help me with this problem, it would be deeply appreciated.
  Thanks in advance.

  Only root is allowed to listen on ports below 1024. Your Application Server has an HTTP listener configured on port 88. If you will not be starting your Application Server as root, you must choose another port.

• [SOLVED] Dropbox - can't run as normal user, but as root

  I have problems with running dropbox as normal user. I installed dropbox from AUR. It is successfully installed. But when I type in terminal dropboxd I get:
  WARNING: Cannot write to "/home/USERNAME/.dropbox/dropbox.pid"
  I can run dropboxd as root from terminal, but that way default Dropbox folder is created with root permissions in my /home directory. Is there some way to run dropbox as normal user and having Dropbox folder with permissions for my user?
  Last edited by archiebald (2010-02-18 22:50:33)

  Thanks toad and pickboy87 for advices. It's my fault, and lack of concetration after long hours of staring at screen.
  Solution is this:
  sudo chown -R USERNAME /home/USERNAME/.dropbox
  Btw. Ubuntu do all automatically, with Dropbox install, all I need is to follow on screen directions, and next, next.:lol:
  edit:
  everything works out of the box with dropbox install on other Arch machine i tried, probably I messed something with configuration somewhere before.
  Last edited by archiebald (2010-02-18 23:05:13)

• Portlet will run/output when run as Admin, but not normal user

  Anyone know why a portlet would run/output under admin privs, but will not run under a normal user's privs? This is a VB.NET portlet using the EDK. Anyone have any ideas?

  Flash Player should be initially installed using an Admin account.  Once installed however, it should work for all users.  If it does not function, then I suspect you're running into a file/folder/registry permission issue.  This FAQ can help repair these problems:
  How do I fix Windows permission problems with Flash Player?

• [solved] hook to run commands when user logs in? (before bash profile)

  Is there any way to run commands when a user logs in but before the bash profile is sourced?
  For example, I have a user account with a home directory on /tmp. When the user logs in, the home directory might not exist so there will be no .bash_profile to source. I want to run a script to create the directory if necessary and copy some files into it. How can that be done?
  I thought of putting something in /etc/profile or /etc/profile.d/, but I would like to run something before the user's shell and environment become active.
  I can use /etc/rc.local to do what I want, but I would prefer a hook to ensure that everything is set right when the user logs in.
  Any ideas?
  *edit*
  Solution
  In my case, I found that I could write my own shell script and set it as a login shell. In the script, I can configure everything I need before launching the interactive shell, then clean up anything after it exits.
  Last edited by Xyne (2011-12-10 19:34:07)

  Thanks, dammannj. PAM could probably do what I need but I think I have found a simpler solution (see original post).

• Can ACS run commands at logon for specific users?

  I have a scenario where I'd like a command run at the time a user logs into the device. Can ACS do this on behalf of the user during the logon process?

  Sure. Bigip LTM, once authenticated, drops users into what is called a TMSH shell. This breaks rancid since rancid expects to be in a bash shell.
  You can access bash from TMSH via a command(run util bash). I'd like ACS to pass this command and run it the moment the rancid user logs in. That way subsoquent commands from rancid will work since he will at that point be at a bash prompt.
  Basically a logon script that runs commands for the user at the time the user logs in.

• Pm-suspend: as normal user without changing sudoers and wake-up issue

  I'd like to be able to suspend my laptop as a normal user, but I don't want to "break" sudo just to do this. One wiki article (Suspend to RAM) says this:
  In fact, only the pm-utils approach can be called without special privileges, see pm-utils#Suspend.2FHibernate as regular user
  Linked article from the quote above describes how to make sudo run without asking for password. I wouldn't call that "without special privileges". After all, I can make anything run without special privileges if I edit sudoers in such way.
  Is there any proper way to make pm-suspend run as a normal user?
  One other thing about pm-suspend... I use netcfg and laptop-mode-tools. After wake-up from pm-suspend my wlan interface is down and hdparm -B value is set to 128. The wiki says that pm-utils is recommend for suspending to RAM because it can handle such things (i.e. restore as much as possible). Is there anything I must configure for this to work? If not, how can I set a custom script to be run after wake-up from pm-suspend?

  For example: https://bbs.archlinux.org/viewtopic.php?id=127962
  Edit: did you adjust the hdparm settings in laptop-mode.conf?
  Last edited by bohoomil (2011-10-16 11:44:20)

• Allow normal user to run "ip link set"

  Hi,
  every time I power on my wireless lan device by hardware switch I have to execute
  ip link set wlan0 up
  as root in order to use it. There's a bash script which is triggered with normal user rights by the switch.
  I'm member of the network group, but I can't use the bash script to run ip automatically:
  [drake@laptop ~]$ ip link set wlan0 up
  RTNETLINK answers: Operation not permitted
  Is there a way to allow my account to set up wlan0?
  Thanks!
  Drake

  Good afternoon.
  I believe we have a RFE for this issue our datebase. Namely:
  Bug 18202: Allow to specify params in reports but prevent saving changes
  If I may, I recommend that you open a support case and ask the responsible engineer to add your company's information to the RFE (once it's confirmed that the 2 issues are indeed the same). Doing so will increase the chances of this functionality being added to the product in a future release.
  Regards,
  Alex

• How to run the the impersonation permission grant command for multiple users

  I have run below command earlier to grant the impersonation for a user called user1
  get-mailbox -identity user1 | add-adpermission -user domainname\service application user -ExtendedRights ms-Exch-EPI-May-Impersonate
  Now I want to run this command for multiple users like user2, user3, user 4 together. How should I run the command.
  This is for Exchange Server 2007 SP2
  Abhijeet M. Mohite

  Hi Abhijeet
  get-mailbox -identity user1 | add-adpermission -user domainname\service application user -ExtendedRights ms-Exch-EPI-May-Impersonate
  I am little bit confused with this command so can you please help me what to right inplace of User1 and domainname\service application user
  Example: I wanted to give Impersonate rights to
  [email protected] then can you please complete command for me.      Thanks in advance.
  Warm Regards, Pramod Kumar Singh Manager-IT

• Can't run command because user is in read-only mode.

  Hi
  I try to execute any sql statment i am getting this error.
  Can't run command because user is in read-only mode.

  user493528 wrote:
  I am having the same issue with Benthic when I do the With clause.
  I understand this is not related to Oracle but did anyone had issue related to this. I am getting the same error. Is it related to ODBC driver of how Benthic use to connect etc.,? I do not know.
  Thanks
  Gopihttp://www.benthicsoftware.com/support.html

• Difference in running program Administrator or normal user?

  Hi,
  I've written a simple program (logged in as administrator), in which an LED control is turned on when a process starts, and off when the process ends, a sort of Busy-indicator.
  I switched to a normal user, and now the LED control does not operate anymore... Sometimes I can turn it on, but not in the required function...
  Where does the difference come from?? What else does it affect, aside from LED controls?
  Many thanks,
  Karel

  The user account privileges should not affect CVI UI objects. Are you sure it is not that the application needs privileges to check if the process is running? Does the code that alters the value of the LED ever run? Could you post code that demonstrates this?
  National Instruments
  Product Support Engineer

• Setting user permissions when running commands

  Here's a doosey,
  Looking to implement a system which will run "commands" being recieved from the network from a bunch of different users. I want the users to have different permissions depending on their username. I'm thinking the backing store as being an LDAP database. (easy update over the network, no using the policy editor, etc).
  Anyone got any advice, experience, existing products which do this? I"m looking at java.security.Profile and java.security.AccessController, java.security.ProtectionDomain and rolling my eyes. Kinda difficult.
  Am I barking up the wrong/right tree?
  Any ideas?
  Many thanks
  Keith

  I think I understand what you're saying, however i'm using the LDAP database to store the user's permissions (exactly like a policy file). So I"m not using LDAP to handle the authentication, just the data.
  It's the process of what you call "assigning the secuirty level" that I wanted to do...
  I think I've found what I'm looking for - JAAS. First I implent a java.security.Policy (in particular the getPermissions(ProtectionDomain domain) method). Then create my own java.security.Principal (containing the username) and associate that with a java.security.auth.Subject then use the Subject.doAs method.
  IN the command code then I do a AccessController.checkPermission(Permission ) method which will throw an exception if the permission is not found.
  I think this is it anyway.

• How to run commands upon system boot as user?

  How can I as a user run commands upon system boot? In Vixie's cron, one can use the @reboot syntax in a crontab, and the job is ran every time the cron daemon starts. Arch however, uses Dillon's cron which seems not support this feature.

  bwalk wrote:Hmm, does not work, because root owns init, so everything requires root. stb's version is valid, the -s parameter drops privileges to <USER>, spawns a shell and executes <COMMAND>. So, no security problem whatsoever.
  So there is nothing like @reboot in vixiecron?