I have a shell script I need to run. It is in /home/openhabian. And I have a keypair set up for passwordless SSH from the openhabian to a server. But the exec binding uses the runtime user openhab, so it doesn’t have the keypair for SSH into the server.
I’ve been reading various threads about sudo with exec. But I don’t want to give openhab unfettered sudo rights. And there are so many different long-running threads about it, frankly I’m lost. So what do I need to do to allow the exec binding to run a script as user
You have to use sudo.
Set up a line like this:
openhab ALL=(openhabian:openhabian) NOPASSWD: /home/openhabian/scriptname
in /etc/sudoers. But PLEASE, use visudo for this purpose, as it will ensure that the file is correct after editing. Otherwise, you will maybe damage your system.
The line will allow the user openhab to call the script /home/openhabian/scriptname as user ALL computer systems without using a password.
But of course it’s also possible to use a private key directly.
As the home directory of the user openhab is /var/lib/openhab2 by default, simply create a folder /var/lib/openhab2/.ssh, create the keys as user openhab (by using sudo -u openhab ...) and ensure the correct permissions and ownership (600 for private key, 644 for public key, all owned by user and group openhab). Put the script in another path, which openhab is allowed to use.
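As a follow-up check for either approach in the answer above, this added example (not part of the original posts) verifies that the script named in the sudoers line and its directory can only be modified by root or the run-as user, and that the key pair has the modes and ownership the answer gives. It assumes GNU stat; the function names and the id_rsa key file name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Debian/openHABian.

# Pass only if PATH is owned by root or OWNER and is not group/other writable.
owned_and_locked() {
    path=$1 owner=$2
    mode=$(stat -c '%a' "$path") || return 1
    user=$(stat -c '%U' "$path")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode is writable by group or others"
        return 1
    fi
    case $user in
        root|"$owner") return 0 ;;
    esac
    echo "FAIL $path: owned by $user, expected root or $owner"
    return 1
}

# Approach 1: the script named in the sudoers line, plus its directory,
# since write access to either changes what the NOPASSWD rule runs.
check_sudo_target() {
    script=$1 runas=$2
    [ -f "$script" ] || { echo "FAIL $script: not a regular file"; return 1; }
    owned_and_locked "$script" "$runas" &&
        owned_and_locked "$(dirname "$script")" "$runas"
}

# Approach 2: key pair with the modes and ownership given in the answer.
check_key_pair() {
    key=$1 want_user=$2 want_group=$3
    for spec in "$key:600" "$key.pub:644"; do
        file=${spec%:*} want_mode=${spec##*:}
        found=$(stat -c '%a %U %G' "$file") || return 1
        [ "$found" = "$want_mode $want_user $want_group" ] ||
            { echo "FAIL $file: found '$found'"; return 1; }
    done
}

# Usage as root on the system from the thread (key file name is an assumption):
#   check_sudo_target /home/openhabian/scriptname openhabian
#   check_key_pair /var/lib/openhab2/.ssh/id_rsa openhab openhab
```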
This is what I needed. Working great now! Thanks.