
Introduction

The JS7 Agent for Unix runs under a specific user account and by default executes jobs within the context and with the permissions of this account.

  • Running a job as a different user involves logging in as that user, optionally loading the user profile, and executing commands in this context.
  • User switching applies to Shell Jobs and is performed by the built-in sudo and su capabilities of the operating system.

This article applies to the JS7 Agent for Unix only. For Windows environments see JS7 - Running Jobs as a different User

Basics

Users can choose to

  • operate the Agent as the root run-time account:
    • This allows the Agent to execute any commands and scripts regardless of ownership.
    • This allows the Agent to switch to any user account using su.
    • Operating the Agent as root is not recommended, as this grants unlimited permissions and introduces security risks.
  • operate the Agent as a non-root run-time account:
    • This allows the Agent to use sudo to switch to other user accounts.
    • This requires sudo permissions to be configured for switching user accounts.

Using su from the root Account

If the Agent is operated from the root account it can use the following command to switch to a different user account:

Example for using su from the root account
su -l <user> <<EOF
whoami
pwd
EOF


Explanation:

  • <user> is any user account available from the operating system for which a login is performed.
  • For execution of multi-line commands a here document is used:
    • The commands between <<EOF (line 1) and EOF (line 4) are executed using su.
    • Instead of EOF any unique string can be used that does not match one of the commands to be executed.
    • Using <<'EOF' prevents the calling shell from substituting environment variables in the here document; the text is passed to the target user's shell unchanged.
  • Executing su from the root account does not require specifying the account's password.

Using sudo from a non-root Account

To allow user switching the Agent's run-time account has to be added to the /etc/sudo.conf file.

Example for using sudo from a non-root account
sudo -su <user> <<EOF
whoami
pwd
EOF


Explanation:

  • <user> is any user account available from the operating system for which a login is performed.
  • For execution of multi-line commands a here document is used:
    • The commands between <<EOF (line 1) and EOF (line 4) are executed using sudo.
    • Instead of EOF any unique string can be used that does not match one of the commands to be executed.
    • Using <<'EOF' prevents the calling shell from substituting environment variables in the here document; the text is passed to the target user's shell unchanged.
  • Executing su from the root account does not require specifying the account's password.
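
The difference between <<EOF and <<'EOF' in the su and sudo examples above decides which account's shell expands variables. The following script is an added example, not part of the JS7 documentation; it assumes a hypothetical target_shell function (a /bin/sh with a clean environment and a constructed HOME) as a stand-in for su -l <user> or sudo -su <user>, so it runs without privileges. JOB_PARAM is a constructed value.

```sh
#!/bin/sh
# Added example, not JS7 code. Assumption: target_shell stands in for
# `su -l <user>` / `sudo -su <user>`; it starts /bin/sh with a clean
# environment and a constructed HOME, so no privileges are required.
target_shell() { env -i HOME=/home/target /bin/sh; }

# Constructed value that exists only in the calling (Agent) shell.
JOB_PARAM="agent-only-value"

# Unquoted delimiter: the calling shell expands $JOB_PARAM, $HOME and $$
# before the target shell receives the text.
unquoted() {
    target_shell <<EOF
echo "param=[$JOB_PARAM] home=[$HOME] pid=[$$]"
EOF
}

# Quoted delimiter: the text is passed verbatim, so the target shell
# expands the variables in its own context.
quoted() {
    target_shell <<'EOF'
echo "param=[$JOB_PARAM] home=[$HOME] pid=[$$]"
EOF
}

# Unquoted delimiter with \$: pass one value from the caller, but leave
# $HOME for the target shell to expand.
mixed() {
    target_shell <<EOF
echo "param=[$JOB_PARAM] home=[\$HOME]"
EOF
}

unquoted   # caller's values: JOB_PARAM, the caller's HOME and PID
quoted     # target's values: empty param, /home/target, the child's PID
mixed      # caller's JOB_PARAM combined with the target's HOME
```

Values expanded by the calling shell become part of the script text that runs as the target user, so interpolate only values the Agent's account controls and quote the delimiter for everything else.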

Using Script Includes




