shell script plugin set to run as another user #2
Summary
This relates to https://github.com/jhuckaby/Cronicle/issues/141 but now using local users, not LDAP users. Although this issue is closed, it still does not seem to work: if I set the 'Run as User (UID)' parameter to a local user listed in /etc/passwd, I get the error 'Error: Plugin Error: User does not exist: XXXXX'. I also tried entering the UID, with the same result.
Steps to reproduce the problem
From a fresh single-master setup, go to Admin tab, Edit Plugin, Shell Plugin, Advanced, Run as User (UID), and set a user name available in /etc/passwd on the local server where the Cronicle master is installed. Now create a New Event using this plugin with target=local master server, command 'whoami'. When running the task, it fails with 'Error: Plugin Error: User does not exist: XXXXX'. When leaving the 'Run as User (UID)' parameter empty, the task runs fine and 'whoami' outputs 'root'.
Your Setup
Using a single server
Using the filesystem as back-end storage
Operating system and version?
CentOS 7
Node.js version?
v12.13.0-linux-x64
Cronicle software version?
0.8.32
I do apologize, but I cannot reproduce this issue. I have CentOS 7.5.1804, Node.js v12.13.0, and Cronicle v0.8.32. The Shell Plugin works just fine when configured to run as other local users from /etc/passwd:
[2019/11/06 19:59:02] uid=1001(jhuckaby) gid=1001(jhuckaby) groups=1001(jhuckaby) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[2019/11/06 19:59:36] uid=89(postfix) gid=89(postfix) groups=89(postfix) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Internally Cronicle uses the getpwnam() function from pixl-tools, which uses this command on Linux:
/usr/bin/getent passwd [USERNAME]
Example:
/usr/bin/getent passwd jhuckaby
Output:
jhuckaby:x:1001:1001::/home/jhuckaby:/bin/bash
Perhaps this utility is missing from your server, or doesn't work properly? I thought it was universal. Can you try this command on your server, with one of the usernames that isn't working in Cronicle?
Also, please note that the Cronicle daemon MUST be running as root for the change-user feature to even work. Could it be that you somehow started it as another user?
That's all I can think of. I do apologize!
Thanks for looking into this. The utility does work on my server:
command:
/usr/bin/getent passwd postgres
output:
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
And my daemon is running as root indeed. So all seems fine. Is there a way to log debug statements?
Unfortunately no, that's a static utility that has no access to the debug logger. Just out of curiosity, what does this command output for you, when executed on your Cronicle server as root:
cd /opt/cronicle
node -e 'console.log( require("pixl-tools").getpwnam("postgres") );'
When running as root:
node -e 'console.log( require("pixl-tools").getpwnam("postgres") );'
I get:
null
That is really very bizarre. That code simply shells out to /usr/bin/getent on Linux and returns the results. I cannot fathom how this is not working on your server. It's quite a mystery.
It may be that for some reason, Node.js doesn't detect your server as running Linux. It's the only possible thing I can think of. What does this print for you:
node -e 'console.log(process.platform);'
If this outputs linux then I am completely out of ideas.
It does recognize the system as linux:
node -e 'console.log(process.platform);'
output:
linux
I'll dig into this.
On https://github.com/jhuckaby/pixl-tools/commits/master I noticed a fix 'fix for User not found error with Cronicle' committed and merged Oct 17. Don't know if this is related and whether it made it to the latest release? Using Version 0.8.32.
Cronicle is configured to install the latest pixl-tools package version. So it really depends on when you installed your Cronicle software. If you installed it anytime after the pixl-tools change, you'll have it.
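The checks suggested in this thread (platform, root privileges, presence of /usr/bin/getent, and whether the lookup returns an entry) can be collected into one Node.js diagnostic. This is an added example, not code from Cronicle or pixl-tools; the function names parsePasswdLine, lookupUser and diagnose are hypothetical, and the sample passwd line used to exercise it is the one quoted above.

```javascript
// Added diagnostic example (not Cronicle or pixl-tools source code).
const { execFileSync } = require('child_process');
const fs = require('fs');

const GETENT = '/usr/bin/getent'; // path quoted in the thread

// Parse one passwd(5) line: name:passwd:uid:gid:gecos:home:shell
function parsePasswdLine(line) {
  const fields = String(line || '').trim().split(':');
  if (fields.length !== 7) return null;
  if (!/^\d+$/.test(fields[2]) || !/^\d+$/.test(fields[3])) return null;
  const [username, , uid, gid, gecos, home, shell] = fields;
  return { username, uid: Number(uid), gid: Number(gid), gecos, home, shell };
}

// Look up a user name or numeric UID. `run` is injectable so the logic
// can be exercised without a real passwd database.
function lookupUser(key, run = (k) =>
  execFileSync(GETENT, ['passwd', String(k)], { encoding: 'utf8' })) {
  try {
    return parsePasswdLine(run(key).split('\n')[0]);
  } catch (err) {
    // getent exits 2 when the key is not found; a missing binary also lands here
    return null;
  }
}

// Collect the preconditions discussed in the thread into one report.
function diagnose(key, env = {}) {
  const platform = env.platform || process.platform;
  const euid = env.euid !== undefined ? env.euid
    : (process.geteuid ? process.geteuid() : -1);
  const getentPresent = env.getentPresent !== undefined
    ? env.getentPresent : fs.existsSync(GETENT);
  const user = lookupUser(key, env.run);
  const problems = [];
  if (platform !== 'linux') problems.push('platform is ' + platform + ', not linux');
  if (euid !== 0) problems.push('process is not root (euid ' + euid + '), cannot switch user');
  if (!getentPresent) problems.push(GETENT + ' is missing');
  if (!user) problems.push('no passwd entry resolved for ' + key);
  return { platform, euid, getentPresent, user, problems };
}

// Stand-alone use: node diagnose.js postgres
if (typeof module !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(diagnose(process.argv[2] || 'root'), null, 2));
}
```

Run it as the same user and from the same environment as the Cronicle daemon, since an empty `problems` array under your own shell says nothing about what the daemon sees.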