Problem:
I need to run default scripts katello without using root as per our system requirements.
Expected outcome:
Run Katello Script default without issues.
Foreman and Proxy versions:
foreman-3.4
proxy-3.4
Foreman and Proxy plugin versions:
katello-4.6
Distribution and version:
rocky 8.6
Other relevant data:
I have changed ssh user and effective user from root to sample. We have created the user and provided access for ssh to execute remote job. Also allowed sudo for commands like yum. I'm successful in running 'Run Command - Script Default effective user', but in running 'Install errata by search query - Katello Script Default effective user' Im encountering errors. I have screenshot below for reference. How can I run these scripts as non-root user.
This is the definition of effective user as per documentation:
Default user to use for executing the script. If the user differs from the SSH user, su or sudo is used to switch the user.
Does this mean that we cannot use another user besides root? Also, when the effective user and the ssh user are the same, does the effective user method does not take effect? Thanks.
The effective user is the user which is supposed to execute the script.
If the ssh user is different from the effective user, then the effective user method is used to switch from the ssh user to the effective user. If the method requires a password to be entered that would go into the effective user password.
If ssh user and effective user are the same then there won’t be any switch necessary thus the switch method is not required.
You can use any user you want as effective user, but obviously the effective user must have all the privileges necessary to execute the commands. Thus, I guess almost always the effective user remains as “root”, while the ssh user may vary depending on whether you want to allow remote ssh login as root or not.
If you want to use the password, remember it depends on the method used.
Otherwise, I would recommend to use sudo and set up sudoers for your ssh user to run the commands you need without password. Then you can ssh into the host as ssh user and the ssh user can execute the commands as root without password.
Check the logs on your host to see why the change to the effective user has failed. I don’t mentioned what you have configured exactly, thus it’s hard to tell.
Please also copy text and don’t use screenshots. Screenshots are ugly and hard to read…
