From f581182e0173fce8f4a6278631c76f3c85f6ffd5 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Thu, 21 Sep 2023 09:44:00 +0200 Subject: [PATCH] use runuser instead of su to run rake as the foreman user foreman-rake is designed to be run as root (and switch to foreman) or by foreman directly. any other user can't use it as it is installed in sbin and the foreman user has no password set, making switching users as non root impossible, but su will still try it: [nobody@foreman /]$ su foreman -s /bin/bash -c id Password: [nobody@foreman /]$ foreman-rake console Password: runuser is designed to be used in scripts and refuses to work as non root: [nobody@foreman /]$ runuser foreman -s /bin/bash -c id runuser: may not be used by non-root users [nobody@foreman /]$ foreman-rake console runuser: may not be used by non-root users --- script/foreman-rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/foreman-rake b/script/foreman-rake index cfd462820c06..6340b40612d1 100755 --- a/script/foreman-rake +++ b/script/foreman-rake @@ -15,5 +15,5 @@ if [ $# -eq 0 ]; then elif [ "$USERNAME" = foreman ]; then RUBYOPT=-W0 RAILS_ENV=production $CMD "$@" else - su foreman -s /bin/bash -c 'RUBYOPT=-W0 RAILS_ENV=production "$0" "$@"' -- $CMD "$@" + runuser - foreman -s /bin/bash -c 'RUBYOPT=-W0 RAILS_ENV=production "$0" "$@"' -- $CMD "$@" fi