Skip to content

Commit

Permalink
use runuser instead of su to run rake as the foreman user
Browse files Browse the repository at this point in the history
foreman-rake is designed to be run as root (and switch to foreman) or by
foreman directly. any other user can't use it as it is installed in sbin
and the foreman user has no password set, making switching users as non
root impossible, but su will still try it:

    [nobody@foreman /]$ su foreman -s /bin/bash -c id
    Password:
    [nobody@foreman /]$ foreman-rake console
    Password:

runuser is designed to be used in scripts and refuses to work as non
root:

    [nobody@foreman /]$ runuser foreman -s /bin/bash -c id
    runuser: may not be used by non-root users
    [nobody@foreman /]$ foreman-rake console
    runuser: may not be used by non-root users
  • Loading branch information
evgeni committed Sep 21, 2023
1 parent 9933839 commit f581182
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion script/foreman-rake
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,5 @@ if [ $# -eq 0 ]; then
elif [ "$USERNAME" = foreman ]; then
RUBYOPT=-W0 RAILS_ENV=production $CMD "$@"
else
su foreman -s /bin/bash -c 'RUBYOPT=-W0 RAILS_ENV=production "$0" "$@"' -- $CMD "$@"
runuser - foreman -s /bin/bash -c 'RUBYOPT=-W0 RAILS_ENV=production "$0" "$@"' -- $CMD "$@"
fi

0 comments on commit f581182

Please sign in to comment.