Topic: System command is erroneously executed as root

Within model code, I call a bash shell script, like this:

call = "path/to/script #{arg1} #{arg2} ..."
puts call
system call

Now the problem is that this script is erroneously executed with root rights. I circumvented this problem with

call = "sudo -u myrailsuser path/to/script  #{arg1} #{arg2} ..."
puts call
system call

but now even this does not help: path/to/script is executed as root!

The problem is that the script must (due to its program logic) and should (for security reasons) be run with rights of myrailsuser, and as root.

Re: System command is erroneously executed as root

Start with this: sudo -u myrailsuser whoami
What does it return?  Try from command line and from within rails.

Re: System command is erroneously executed as root

sudo -u myrailsuser whoami
returns myrailsuser in all cases.

However,
echo $HOME
and
sudo -u myrailsuser  echo $HOME
both return /root when executed within the Mongrel server (using the method system), while it returns /home/myrailsuser when executed within script/console (either development or production) or from the shell.
I am working with Ubuntu 9.04 where myrailsuser is admin and hence can get root rights via sudo (but there is no sudo, except from sudo -u myrailsuser, which however explicitly switches to myrailsuser).

Edit: Not only is $HOME /root, but I can also perform operations that require root privileges.
I should stress that the Mongrel server is run as myrailsuser, and in development mode. In production mode, the problem does not occur.

Last edited by tillmo (2010-02-02 19:48:58)

Re: System command is erroneously executed as root

Well, I bet the environment doesn't change, so it makes sense that $HOME would return the same thing in both cases.

So in the /path/to/script echo whoami.

Is mongrel run as root?  mongrel should run as myrailsuser instead, would be safer and system calls would be run as myrailsuser.

Re: System command is erroneously executed as root

pullmonkey wrote:

Well, I bet the environment doesn't change, so it makes sense that $HOME would return the same thing in both cases.

So in the /path/to/script echo whoami.

Is mongrel run as root?  mongrel should run as myrailsuser instead, would be safer and system calls would be run as myrailsuser.

Mongrel is not run as root!

Re: System command is erroneously executed as root

tillmo wrote:

Mongrel is not run as root!

Alright, calm down ... your edit wasn't until after my post went through.
So then who is mongrel run as?

Work with some other simple commands like:
system("sudo -u myrailsuser mkdir /tmp/blah1") then go check and see who owns the directory
system("mkdir /tmp/blah2") then go check and see who owns the directory

What type of script are you running?  What are the contents of the script?

Re: System command is erroneously executed as root

pullmonkey wrote:

Alright, calm down ... your edit wasn't until after my post went through.
So then who is mongrel run as?

Sorry. Mongrel is run as myrailsuser

pullmonkey wrote:

Work with some other simple commands like:
system("sudo -u myrailsuser mkdir /tmp/blah1") then go check and see who owns the directory
system("mkdir /tmp/blah2") then go check and see who owns the directory

The owner is myrailsuser. So contrary to what I said, there are no root rights. It is just the value of $HOME that is wrong.

pullmonkey wrote:

What type of script are you running?  What are the contents of the script?

It is a complicated script, but the place where it fails is quite easy:

cd ~/myfolder

And then an error occurs: /root/myfolder does not exist

This is because $HOME is erroneously set to /root instead of /home/myrailsuser

By the way, I have now encountered this problem in production mode as well.

Re: System command is erroneously executed as root

All makes sense and nothing is actually being executed as root, it is just misleading that the $HOME var is /root, right?
Try setting the homedir for your user - usermod -d /home/myrailsuser myrailsuser

http://linux.about.com/od/commands/l/bl … sermod.htm
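
Added example, not part of the thread or of any poster's code: one way to detect the mismatch diagnosed above (whoami reports myrailsuser while the inherited $HOME is /root) and to start the script with an environment built from the passwd entry instead of the one Mongrel inherited. The helper names effective_user, home_mismatch?, clean_env and capture_as are hypothetical, and the PATH fallback is an assumption.

```ruby
require 'etc'

# Passwd entry of the user this process really runs as (what whoami reports).
def effective_user
  Etc.getpwuid(Process.euid)
end

# True when the inherited HOME is not the effective user's own home,
# e.g. HOME=/root left over from the shell that started the server.
def home_mismatch?(pw, env = ENV)
  env['HOME'] != pw.dir
end

# Minimal child environment built from the passwd entry, not from the parent.
# The PATH fallback is an assumed default for this example.
def clean_env(pw, env = ENV)
  { 'HOME' => pw.dir, 'USER' => pw.name, 'LOGNAME' => pw.name,
    'PATH' => env.fetch('PATH', '/usr/bin:/bin') }
end

# Run the script with argv passed as a list (no shell, so arguments are not
# re-parsed) and with only the clean environment; returns its stdout.
def capture_as(pw, script, *args, env: ENV)
  IO.popen(clean_env(pw, env), [script, *args.map(&:to_s)],
           unsetenv_others: true, &:read)
end

# Usage from the model code (path and arguments are placeholders):
#   pw = effective_user
#   warn "stale HOME=#{ENV['HOME']}, expected #{pw.dir}" if home_mismatch?(pw)
#   puts capture_as(pw, 'path/to/script', arg1, arg2)
```

When the command has to go through sudo -u, the -H option asks sudo to set HOME to the target user's home directory, which addresses the same symptom.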