bash 如何以不同的用户身份在 AWS Cloud Formation 启动时运行脚本?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16733633/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to run script on AWS Cloud Formation startup as a different user?
提问by Phil
I am having a lot of trouble launching an AWS Ubuntu instance (from a Cloud Formation template) and successfully running a script on startup. This script does run, but I do not want it running as root. I want the script to either be invoked as a different user or when the script runs for the script to change user.
我在启动 AWS Ubuntu 实例(从 Cloud Formation 模板)并在启动时成功运行脚本时遇到了很多麻烦。该脚本确实运行,但我不希望它以 root 身份运行。我希望脚本要么以不同的用户身份调用,要么在脚本运行时调用脚本以更改用户。
Since we are attempting to use Cloud Formation, I need to put the script or a reference to the script in my Template file. The relevant part of my template file is below. The script 'myScript.sh' does run, but always as root.
由于我们正在尝试使用 Cloud Formation,因此我需要将脚本或对脚本的引用放入我的模板文件中。我的模板文件的相关部分如下。脚本“myScript.sh”确实运行,但始终以 root 身份运行。
"MyImage" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : "xxxxxx",
"KeyName" : "xxxxxx",
"SecurityGroups" : [ "xxxxxx" ],
"UserData" : {"Fn::Base64" : {"Fn::Join" : ["", [
"#include\n",
"https://s3-eu-west-1.amazonaws.com/aFolder/myScript.sh \n"
] ] } }
}
}
},
From the URL: http://alestic.com/2009/06/ec2-user-data-scriptsit states that these scripts always run as root. So instead I decided to modify the script to change the user. Below is an example script that does not do what I want. I've commented it inline to explain what each stage does:
从 URL:http: //alestic.com/2009/06/ec2-user-data-scripts它指出这些脚本始终以 root 身份运行。因此,我决定修改脚本以更改用户。下面是一个示例脚本,它不符合我的要求。我已经对它进行了内联评论,以解释每个阶段的作用:
#!/bin/bash
whoami > /home/ubuntu/who1.txt # Always returns 'root'
su ubuntu # Appears to have no effect. Ubuntu user does exist
whoami > /home/ubuntu/who2.txt # Always returns 'root'
su ubuntu echo fish > /home/ubuntu/aFile.txt # File is not created
sudo -u ubuntu bash # Appears to have no effect
whoami > /home/ubuntu/who3.txt # Always returns 'root'
I'm guessing that there's something fundamentally wrong with my script, but I just can't see it! has anyone got any experience with AWS and Cloud Formation and have you succeeded in running a script not as root? I really don't want the script running as root since the activities that are going to be started should not be owned at the root level.
我猜我的脚本有一些根本性的错误,但我就是看不到它!有没有人对 AWS 和 Cloud Formation 有任何经验,并且您是否成功地以非 root 身份运行脚本?我真的不希望脚本以 root 身份运行,因为不应该在 root 级别拥有将要启动的活动。
Thanks, Phil
谢谢,菲尔
回答by Ben Butler-Cole
sudoesn't change the user for the remainder of the script, it starts a new interactive shell for the user you specify. In a non-interactive context like your script here, that shell exits immediately because there is nothing for it to do.
su不会更改脚本剩余部分的用户,它会为您指定的用户启动一个新的交互式 shell。在像这里的脚本这样的非交互式上下文中,该 shell 会立即退出,因为它无事可做。
See this questionfor some suggestions on how to change user for a series of commands. Alternatively for individual commands you can do sudo -u ubuntu [...].
有关如何为一系列命令更改用户的一些建议,请参阅此问题。或者,您可以执行单个命令sudo -u ubuntu [...]。
回答by Nielson Fernandes
This is a good alternative.
这是一个很好的选择。
#!/bin/bash
su ubuntu << 'EOF'
whoami >> /home/ubuntu/user_data_output2
EOF
su user2 << 'EOF'
whoami >> /home/user2/user_data_output2
EOF
Why ? This keep the directory and environments variable between commands in each 'EOF' block.
为什么 ?这将在每个“EOF”块中的命令之间保持目录和环境变量。
eg:
例如:
#!/bin/bash
su ubuntu << 'EOF'
cd /home/ubuntu/myfolder
pwd # The result will be /home/ubuntu/myfolder #
EOF
