Page History
Table of Contents |
---|
Introduction
The JS7 Agent for Unix is running in a specific user account and by default will execute jobs within the context and permissions of this account.
- Running a job as a different user includes to login as that user, optionally to load the user profile and to execute commands in this context.
- User switching applies to Shell Jobs and is performed by the built-in
sudo
andsu
capabilities of the operating system.
This article applies to the JS7 Agent for Unix only. For Windows environments see JS7 - Running Jobs as a different User
...
Basics
Users can choose to
- operate the Agent as the
root
run-time account:- This allows the Agent to execute any commands and scripts independently from ownership.
- This allows the Agent to switch to any user account using
su
. - It is not recommended to operate the Agent as
root
as this includes unlimited permissions and introduces security risks.
- operate the Agent as a
non-root
run-time account:- This allows to use
sudo
to switch to other user accounts. - This requires to configure
sudo
permissions for switching user accounts.
- This allows to use
Using su
from the root Account
If the Agent is operated from the root
account it can use the following command to switch to a different user account:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
su -l <user> <<EOF
whoami
pwd
EOF |
Explanation:
<user>
is any user account available from the operating system for which a login is performed.- For execution of multiline commands a Here String is used:
- The commands between
<<EOF
(line 1) andEOF
(line 4) are executed usingsu
. - Instead of
EOF
any unique string can be used that does not match one of the commands to be executed. - Using
<<'EOF'
will prevent substitution of environment variables in a Here String.
- The commands between
- Executing
su
from the root account does not require to specify the account's password.
Using sudo
from a non-root Account
To allow user switching the Agent's run-time account has to be added to the /etc/sudo.conf
file.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
sudo -su <user> <<EOF
whoami
pwd
EOF |
Explanation:
<user>
is any user account available from the operating system for which a login is performed.- For execution of multiline commands a Here String is used:
- The commands between
<<EOF
(line 1) andEOF
(line 4) are executed usingsu
. - Instead of
EOF
any unique string can be used that does not match one of the commands to be executed. - Using
<<'EOF'
will prevent substitution of environment variables in a Here String.
- The commands between
- Executing
su
from the root account does not require to specify the account's password.
Using Script Includes
Overview
Content Tools