Run su -s with arguments
I run to run a command using the su -s
command to start a process. Since I do not want the root user to own the process.
I try to do this by issuing the command
su -s "$CATALINA_HOME/bin/catalina.sh run" tomcat
which returns su: /opt/apache-tomcat/bin/catalina.sh run: No such file or directory
How can I run the su -s
command along with arguments to not generate this error?
command-line sudo su arguments
|
show 3 more comments
I run to run a command using the su -s
command to start a process. Since I do not want the root user to own the process.
I try to do this by issuing the command
su -s "$CATALINA_HOME/bin/catalina.sh run" tomcat
which returns su: /opt/apache-tomcat/bin/catalina.sh run: No such file or directory
How can I run the su -s
command along with arguments to not generate this error?
command-line sudo su arguments
I think you are looking for-c
switch, not-s
.-s
switch is for running su with a different shell (if it is allowed in/etc/shells
of course)
– MelBurslan
Jun 10 '16 at 18:33
@MelBurslan I can't use -c as the user hasnologin
set in the/etc/passwd
file.
– jgr208
Jun 10 '16 at 18:34
then trysu -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you
– MelBurslan
Jun 10 '16 at 18:36
1
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40
|
show 3 more comments
I run to run a command using the su -s
command to start a process. Since I do not want the root user to own the process.
I try to do this by issuing the command
su -s "$CATALINA_HOME/bin/catalina.sh run" tomcat
which returns su: /opt/apache-tomcat/bin/catalina.sh run: No such file or directory
How can I run the su -s
command along with arguments to not generate this error?
command-line sudo su arguments
I run to run a command using the su -s
command to start a process. Since I do not want the root user to own the process.
I try to do this by issuing the command
su -s "$CATALINA_HOME/bin/catalina.sh run" tomcat
which returns su: /opt/apache-tomcat/bin/catalina.sh run: No such file or directory
How can I run the su -s
command along with arguments to not generate this error?
command-line sudo su arguments
command-line sudo su arguments
asked Jun 10 '16 at 18:31
jgr208jgr208
473424
473424
I think you are looking for-c
switch, not-s
.-s
switch is for running su with a different shell (if it is allowed in/etc/shells
of course)
– MelBurslan
Jun 10 '16 at 18:33
@MelBurslan I can't use -c as the user hasnologin
set in the/etc/passwd
file.
– jgr208
Jun 10 '16 at 18:34
then trysu -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you
– MelBurslan
Jun 10 '16 at 18:36
1
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40
|
show 3 more comments
I think you are looking for-c
switch, not-s
.-s
switch is for running su with a different shell (if it is allowed in/etc/shells
of course)
– MelBurslan
Jun 10 '16 at 18:33
@MelBurslan I can't use -c as the user hasnologin
set in the/etc/passwd
file.
– jgr208
Jun 10 '16 at 18:34
then trysu -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you
– MelBurslan
Jun 10 '16 at 18:36
1
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40
I think you are looking for
-c
switch, not -s
. -s
switch is for running su with a different shell (if it is allowed in /etc/shells
of course)– MelBurslan
Jun 10 '16 at 18:33
I think you are looking for
-c
switch, not -s
. -s
switch is for running su with a different shell (if it is allowed in /etc/shells
of course)– MelBurslan
Jun 10 '16 at 18:33
@MelBurslan I can't use -c as the user has
nologin
set in the /etc/passwd
file.– jgr208
Jun 10 '16 at 18:34
@MelBurslan I can't use -c as the user has
nologin
set in the /etc/passwd
file.– jgr208
Jun 10 '16 at 18:34
then try
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you– MelBurslan
Jun 10 '16 at 18:36
then try
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you– MelBurslan
Jun 10 '16 at 18:36
1
1
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40
|
show 3 more comments
3 Answers
3
active
oldest
votes
If you're running su
as root
, you can use -s
to specify a different shell (running as root
is necessary here since your tomcat
user doesn't have a valid shell), and -c
to specify the command to run:
su -s /bin/sh -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
You might find start-stop-daemon
useful; it has a whole slew of options to specify the user and group to use, how to start the daemon etc. The tomcat8
initscript used in Debian might provide useful inspiration. Or you could look at writing a systemd unit or whatever is appropriate for your system's init.
add a comment |
The -s
switch for su
command is to change the shell of the specified user. The command you want to run must be preceded by -c
switch.
So the command you are looking for is something like this:
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
add a comment |
Your other questions at https://stackoverflow.com/questions/37753783/ and Is there any way to tell if a shell script was killed with signal 9 indicate that what's missing from your question is that you are trying to run Tomcat under upstart.
In such a case:
start-stop-daemon
is not appropriate.- Nor is
su
. - Nor are Poor Man's Daemon Supervisor gyrations to do PID file management in shell script.
All of those are attempting to duplicate stuff that upstart does directly. The use of su
is particularly bad, because it isn't a tool for dropping privileges. It is a tool for adding privileges, in a login session. It nowadays has involvement under the covers with various login session management subsystems that makes it particularly inappropriate for the (much simpler) task of dropping superuser privileges in a dæmon. start-stop-daemon
is just supererogatory. And upstart knows the process IDs of its children.
In the upstart job file, use the setuid
and (if appropriate) setgid
stanzas to drop privileges to an unprivileged user:
setuid tomcat
And if you do invoke catalina.sh
via sh -c
, which isn't really necessary, don't wander into systemd House of Horror territory. (It's only marginally less horrendous when these sorts of things are done with upstart.) Do things the daemontools way and have the shell chain to the script, invoking it via the shell's exec
command so that upstart sees the dæmon as its direct child process. (And make sure that upstart knows this with the correct expect
stanza, too.)
An explicit shell isn't necessary in the first place, though, because upstart can invoke catalina.sh
directly itself, just as systemd and other service management tools can. You furthermore thus don't have the worry of ensuring that /bin/bash
is actually the right interpreter for that script.
exec $CATALINA_HOME/bin/catalina.sh run
Further reading
- James Hunt and Clint Byrum (2014). "
setuid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
setgid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
console log
". Upstart Cookbook. - Jonathan de Boyne Pollard (2014). Don't abuse
su
for dropping user privileges. Frequently Given Answers. - Jonathan de Boyne Pollard (2015). Wrapping Apache Tomcat in many pointless extra layers The systemd House of Horror.
- Jonathan de Boyne Pollard (2015). The systemd House of Horror. Frequently Given Answers.
- https://superuser.com/a/723333/38062
- https://superuser.com/questions/683855/
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f289037%2frun-su-s-with-arguments%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you're running su
as root
, you can use -s
to specify a different shell (running as root
is necessary here since your tomcat
user doesn't have a valid shell), and -c
to specify the command to run:
su -s /bin/sh -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
You might find start-stop-daemon
useful; it has a whole slew of options to specify the user and group to use, how to start the daemon etc. The tomcat8
initscript used in Debian might provide useful inspiration. Or you could look at writing a systemd unit or whatever is appropriate for your system's init.
add a comment |
If you're running su
as root
, you can use -s
to specify a different shell (running as root
is necessary here since your tomcat
user doesn't have a valid shell), and -c
to specify the command to run:
su -s /bin/sh -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
You might find start-stop-daemon
useful; it has a whole slew of options to specify the user and group to use, how to start the daemon etc. The tomcat8
initscript used in Debian might provide useful inspiration. Or you could look at writing a systemd unit or whatever is appropriate for your system's init.
add a comment |
If you're running su
as root
, you can use -s
to specify a different shell (running as root
is necessary here since your tomcat
user doesn't have a valid shell), and -c
to specify the command to run:
su -s /bin/sh -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
You might find start-stop-daemon
useful; it has a whole slew of options to specify the user and group to use, how to start the daemon etc. The tomcat8
initscript used in Debian might provide useful inspiration. Or you could look at writing a systemd unit or whatever is appropriate for your system's init.
If you're running su
as root
, you can use -s
to specify a different shell (running as root
is necessary here since your tomcat
user doesn't have a valid shell), and -c
to specify the command to run:
su -s /bin/sh -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
You might find start-stop-daemon
useful; it has a whole slew of options to specify the user and group to use, how to start the daemon etc. The tomcat8
initscript used in Debian might provide useful inspiration. Or you could look at writing a systemd unit or whatever is appropriate for your system's init.
edited Jan 31 at 15:57
answered Jun 10 '16 at 18:39
Stephen KittStephen Kitt
171k24386462
171k24386462
add a comment |
add a comment |
The -s
switch for su
command is to change the shell of the specified user. The command you want to run must be preceded by -c
switch.
So the command you are looking for is something like this:
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
add a comment |
The -s
switch for su
command is to change the shell of the specified user. The command you want to run must be preceded by -c
switch.
So the command you are looking for is something like this:
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
add a comment |
The -s
switch for su
command is to change the shell of the specified user. The command you want to run must be preceded by -c
switch.
So the command you are looking for is something like this:
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
The -s
switch for su
command is to change the shell of the specified user. The command you want to run must be preceded by -c
switch.
So the command you are looking for is something like this:
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
answered Jun 10 '16 at 18:41
MelBurslanMelBurslan
5,30011533
5,30011533
add a comment |
add a comment |
Your other questions at https://stackoverflow.com/questions/37753783/ and Is there any way to tell if a shell script was killed with signal 9 indicate that what's missing from your question is that you are trying to run Tomcat under upstart.
In such a case:
start-stop-daemon
is not appropriate.- Nor is
su
. - Nor are Poor Man's Daemon Supervisor gyrations to do PID file management in shell script.
All of those are attempting to duplicate stuff that upstart does directly. The use of su
is particularly bad, because it isn't a tool for dropping privileges. It is a tool for adding privileges, in a login session. It nowadays has involvement under the covers with various login session management subsystems that makes it particularly inappropriate for the (much simpler) task of dropping superuser privileges in a dæmon. start-stop-daemon
is just supererogatory. And upstart knows the process IDs of its children.
In the upstart job file, use the setuid
and (if appropriate) setgid
stanzas to drop privileges to an unprivileged user:
setuid tomcat
And if you do invoke catalina.sh
via sh -c
, which isn't really necessary, don't wander into systemd House of Horror territory. (It's only marginally less horrendous when these sorts of things are done with upstart.) Do things the daemontools way and have the shell chain to the script, invoking it via the shell's exec
command so that upstart sees the dæmon as its direct child process. (And make sure that upstart knows this with the correct expect
stanza, too.)
An explicit shell isn't necessary in the first place, though, because upstart can invoke catalina.sh
directly itself, just as systemd and other service management tools can. You furthermore thus don't have the worry of ensuring that /bin/bash
is actually the right interpreter for that script.
exec $CATALINA_HOME/bin/catalina.sh run
Further reading
- James Hunt and Clint Byrum (2014). "
setuid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
setgid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
console log
". Upstart Cookbook. - Jonathan de Boyne Pollard (2014). Don't abuse
su
for dropping user privileges. Frequently Given Answers. - Jonathan de Boyne Pollard (2015). Wrapping Apache Tomcat in many pointless extra layers The systemd House of Horror.
- Jonathan de Boyne Pollard (2015). The systemd House of Horror. Frequently Given Answers.
- https://superuser.com/a/723333/38062
- https://superuser.com/questions/683855/
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
add a comment |
Your other questions at https://stackoverflow.com/questions/37753783/ and Is there any way to tell if a shell script was killed with signal 9 indicate that what's missing from your question is that you are trying to run Tomcat under upstart.
In such a case:
start-stop-daemon
is not appropriate.- Nor is
su
. - Nor are Poor Man's Daemon Supervisor gyrations to do PID file management in shell script.
All of those are attempting to duplicate stuff that upstart does directly. The use of su
is particularly bad, because it isn't a tool for dropping privileges. It is a tool for adding privileges, in a login session. It nowadays has involvement under the covers with various login session management subsystems that makes it particularly inappropriate for the (much simpler) task of dropping superuser privileges in a dæmon. start-stop-daemon
is just supererogatory. And upstart knows the process IDs of its children.
In the upstart job file, use the setuid
and (if appropriate) setgid
stanzas to drop privileges to an unprivileged user:
setuid tomcat
And if you do invoke catalina.sh
via sh -c
, which isn't really necessary, don't wander into systemd House of Horror territory. (It's only marginally less horrendous when these sorts of things are done with upstart.) Do things the daemontools way and have the shell chain to the script, invoking it via the shell's exec
command so that upstart sees the dæmon as its direct child process. (And make sure that upstart knows this with the correct expect
stanza, too.)
An explicit shell isn't necessary in the first place, though, because upstart can invoke catalina.sh
directly itself, just as systemd and other service management tools can. You furthermore thus don't have the worry of ensuring that /bin/bash
is actually the right interpreter for that script.
exec $CATALINA_HOME/bin/catalina.sh run
Further reading
- James Hunt and Clint Byrum (2014). "
setuid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
setgid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
console log
". Upstart Cookbook. - Jonathan de Boyne Pollard (2014). Don't abuse
su
for dropping user privileges. Frequently Given Answers. - Jonathan de Boyne Pollard (2015). Wrapping Apache Tomcat in many pointless extra layers The systemd House of Horror.
- Jonathan de Boyne Pollard (2015). The systemd House of Horror. Frequently Given Answers.
- https://superuser.com/a/723333/38062
- https://superuser.com/questions/683855/
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
add a comment |
Your other questions at https://stackoverflow.com/questions/37753783/ and Is there any way to tell if a shell script was killed with signal 9 indicate that what's missing from your question is that you are trying to run Tomcat under upstart.
In such a case:
start-stop-daemon
is not appropriate.- Nor is
su
. - Nor are Poor Man's Daemon Supervisor gyrations to do PID file management in shell script.
All of those are attempting to duplicate stuff that upstart does directly. The use of su
is particularly bad, because it isn't a tool for dropping privileges. It is a tool for adding privileges, in a login session. It nowadays has involvement under the covers with various login session management subsystems that makes it particularly inappropriate for the (much simpler) task of dropping superuser privileges in a dæmon. start-stop-daemon
is just supererogatory. And upstart knows the process IDs of its children.
In the upstart job file, use the setuid
and (if appropriate) setgid
stanzas to drop privileges to an unprivileged user:
setuid tomcat
And if you do invoke catalina.sh
via sh -c
, which isn't really necessary, don't wander into systemd House of Horror territory. (It's only marginally less horrendous when these sorts of things are done with upstart.) Do things the daemontools way and have the shell chain to the script, invoking it via the shell's exec
command so that upstart sees the dæmon as its direct child process. (And make sure that upstart knows this with the correct expect
stanza, too.)
An explicit shell isn't necessary in the first place, though, because upstart can invoke catalina.sh
directly itself, just as systemd and other service management tools can. You furthermore thus don't have the worry of ensuring that /bin/bash
is actually the right interpreter for that script.
exec $CATALINA_HOME/bin/catalina.sh run
Further reading
- James Hunt and Clint Byrum (2014). "
setuid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
setgid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
console log
". Upstart Cookbook. - Jonathan de Boyne Pollard (2014). Don't abuse
su
for dropping user privileges. Frequently Given Answers. - Jonathan de Boyne Pollard (2015). Wrapping Apache Tomcat in many pointless extra layers The systemd House of Horror.
- Jonathan de Boyne Pollard (2015). The systemd House of Horror. Frequently Given Answers.
- https://superuser.com/a/723333/38062
- https://superuser.com/questions/683855/
Your other questions at https://stackoverflow.com/questions/37753783/ and Is there any way to tell if a shell script was killed with signal 9 indicate that what's missing from your question is that you are trying to run Tomcat under upstart.
In such a case:
start-stop-daemon
is not appropriate.- Nor is
su
. - Nor are Poor Man's Daemon Supervisor gyrations to do PID file management in shell script.
All of those are attempting to duplicate stuff that upstart does directly. The use of su
is particularly bad, because it isn't a tool for dropping privileges. It is a tool for adding privileges, in a login session. It nowadays has involvement under the covers with various login session management subsystems that makes it particularly inappropriate for the (much simpler) task of dropping superuser privileges in a dæmon. start-stop-daemon
is just supererogatory. And upstart knows the process IDs of its children.
In the upstart job file, use the setuid
and (if appropriate) setgid
stanzas to drop privileges to an unprivileged user:
setuid tomcat
And if you do invoke catalina.sh
via sh -c
, which isn't really necessary, don't wander into systemd House of Horror territory. (It's only marginally less horrendous when these sorts of things are done with upstart.) Do things the daemontools way and have the shell chain to the script, invoking it via the shell's exec
command so that upstart sees the dæmon as its direct child process. (And make sure that upstart knows this with the correct expect
stanza, too.)
An explicit shell isn't necessary in the first place, though, because upstart can invoke catalina.sh
directly itself, just as systemd and other service management tools can. You furthermore thus don't have the worry of ensuring that /bin/bash
is actually the right interpreter for that script.
exec $CATALINA_HOME/bin/catalina.sh run
Further reading
- James Hunt and Clint Byrum (2014). "
setuid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
setgid
". Upstart Cookbook. - James Hunt and Clint Byrum (2014). "
console log
". Upstart Cookbook. - Jonathan de Boyne Pollard (2014). Don't abuse
su
for dropping user privileges. Frequently Given Answers. - Jonathan de Boyne Pollard (2015). Wrapping Apache Tomcat in many pointless extra layers The systemd House of Horror.
- Jonathan de Boyne Pollard (2015). The systemd House of Horror. Frequently Given Answers.
- https://superuser.com/a/723333/38062
- https://superuser.com/questions/683855/
edited May 23 '17 at 12:39
Community♦
1
1
answered Jun 10 '16 at 19:48
JdeBPJdeBP
34.8k470163
34.8k470163
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
add a comment |
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
I am using RHEL which uses upstart 0.9.4 and does not have the setuid stanza and yes i have already tried.
– jgr208
Jun 10 '16 at 19:50
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
Then (a) start providing such information in questions and (b) read the Further Reading section and apply one of the several the tools pointed to there for dropping privileges.
– JdeBP
Jun 10 '16 at 19:53
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
"upstart script that is used to start apache tomcat on an RHEL 6.8 system" seems to be provided to me. Also this is a upstart so the systemd tools don't apply, the tools mentioned in others are not installed on my system and can not be, I don't have that version of upstart.
– jgr208
Jun 10 '16 at 19:58
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
The tools that I just mentioned are not systemd tools. And the idea that these tools, many of which have been around for years, are not available for RedHat Linux is very wrong indeed.
– JdeBP
Jun 10 '16 at 20:12
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
never said they were not around i said they can not be installed on the system not by my choice. also some of the stuff is systemd some upstart i never said all.
– jgr208
Jun 10 '16 at 20:15
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f289037%2frun-su-s-with-arguments%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I think you are looking for
-c
switch, not-s
.-s
switch is for running su with a different shell (if it is allowed in/etc/shells
of course)– MelBurslan
Jun 10 '16 at 18:33
@MelBurslan I can't use -c as the user has
nologin
set in the/etc/passwd
file.– jgr208
Jun 10 '16 at 18:34
then try
su -s /bin/bash -c "$CATALINA_HOME/bin/catalina.sh run" tomcat
and see if it works for you– MelBurslan
Jun 10 '16 at 18:36
1
@MelBurslan All these should go as an answer..please..
– heemayl
Jun 10 '16 at 18:37
@StephenKitt beat me to it.
– MelBurslan
Jun 10 '16 at 18:40