Home / ubuntu / Questions / 1346404
Accepted
Čamo
Asked: 2021-06-17 23:05:21 +0800 CST

Is there something as events in Ubuntu?

  • 772

I would like to know if Ubuntu has something like events. I need to run a Jenkins job but Jenkins has no sudo privileges and I dont want to give it to him. But job needs to run some actions which requires sudo privileges. The solution could be to trigger an event which will listen as root user and this event would run the code with sudo privileges. May be I am still confused by privileges but this could be very handy I think. Or something like public root user interface which will be available for other users but will run as root user. Like

root->doSomethingAsRoot()

Hope you understand what I want to achieve. Thanks for help.

PS This question is related to this issue

permissions

3 Answers

  1. If the actions that need to be run as root can be separated into separate processes/scripts, then you can run these processes as setuid root. It is a very handy tool that in my opinion is used far too rarely.

    What are setuid processes? Look for example at the passwd command. It can be run by any user, but it needs to be run as root, as it needs to modify password stored in a file that only root can access (/etc/shadow).

    How it is done? Look at the permissions of the /usr/bin/passwd binary:

    -rwsr-xr-x 1 root root 68208 maj 28  2020 /usr/bin/passwd

    The "s" instead of "x" in the owner field indicates that this binary will be run with the rights of its owner - that is root.

    This way every binary can be made to run as root (or any other user), independent of who is calling it.

    However, on scripts the setuid bit is ignored for security reasons. So to run a script as root you need to use a binary wrapper that will call the script from inside. You can use the following simple C program to create such a wrapper:

    #include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/wait.h>

int main()
{
   int rc;
   setuid( 0 );
   rc=WEXITSTATUS(system( "/path/to/your/script" ));
   exit(rc);
}

    Compile the program and make the executable setuid root (assuming the executable is called wrapper, do sudo chown root:root wrapper followed by sudo chmod o+s wrapper).

    BTW. The script that is run from inside the wrapper does not have to be setuid; only the wrapper needs to.

    Edit: from your explanation in the comments it looks that you want to run a particular rm -rf /some/path command as root and are concerned to not accidentally remove anything else. In that case, I suggest just replacing the /path/to/your/script part in the wrapper program above by this very command rm -rf /some/path, and just run the wrapper binary from your script in the place where you would run rm -rf /some/path command. This seems to be the safest approach.

    • 1

  2. My straight forward solution is to run endless background script as root which find and deletes required directories every 10 seconds. It runs as nohup so it is still running although I close the terminal.

    while true
do
  find /var/www -maxdepth 1 -type d -name 'deploy-old-*' -exec rm -rf {} \;
  sleep 10
done
    • 0
  3. Best Answer

    The final solution for this issue where Laravel generates the files with chmod 644 is to set up ACL privileges for the parent directory via setfacl.

    setfacl -R -dm "g:www-data:rw" $www_new_app_dir/storage

    where all generated files will inherit the acl settings from parent directory. In this case rw for www-data group.

    • 0