I have a shell script I need to run. It is in /home/openhabian. And I have a keypair set up for passwordless SSH from the openhabian to a server. But the exec binding uses the runtime user openhab, so it doesn’t have the keypair for SSH into the server.
I’ve been reading various threads about sudo with exec. But I don’t want to give openhab unfettered sudo rights. And there are so many different long-running threads about it, frankly I’m lost. So what do I need to do to allow the exec binding to run a script as user openhabian?
You have to use sudo.
Set up a line like this:
openhab ALL=(openhabian:openhabian) NOPASSWD: /home/openhabian/scriptname
in /etc/sudoers. But PLEASE, use visudo for this purpose, as it will ensure that the file is correct after editing. Otherwise, you may damage your system.
The line will allow the user openhab to call the script /home/openhabian/scriptname as user openhabian on ALL computer systems without using a password.
But of course it’s also possible to use a private key directly.
As the home directory of the user openhab is /var/lib/openhab2 by default, simply create a folder /var/lib/openhab2/.ssh, create the keys as user openhab (by using sudo -u openhab ...) and ensure the correct permission and ownership (755 for ./.ssh/, 600 for private key, 644 for public key, all owned by user and group openhab). Put the script in another path which openhab is allowed to use.
2 Likes
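A check to run after adding a rule like the one in the answer above, as an added example that is not part of the original posts: it confirms the sudoers line grants exactly one absolute path, and that neither the script nor its directory is group- or world-writable, since anyone who can edit the script can run commands as openhabian. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a single-command
# NOPASSWD rule and the file it points at. Function names are hypothetical.

# rule_command LINE: print the command a rule grants, but only if it is one
# absolute path with no arguments, wildcards or command list. Returns 1 for
# anything broader (for example "NOPASSWD: ALL").
rule_command() {
    case "$1" in
        *NOPASSWD:*) ;;
        *) return 1 ;;
    esac
    cmd=$(printf '%s\n' "${1##*NOPASSWD:}" | sed 's/^ *//; s/ *$//')
    case "$cmd" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$cmd" in
        *' '*|*'*'*|*'?'*|*'['*|*','*) return 1 ;;
    esac
    printf '%s\n' "$cmd"
}

# not_loosely_writable PATH: succeed only if PATH exists and is neither
# group- nor world-writable. A symlink is reported as writable on purpose.
not_loosely_writable() {
    [ -e "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# audit_rule LINE: the rule must be narrow, and neither the script nor the
# directory holding it may be modifiable by group or others.
audit_rule() {
    target=$(rule_command "$1") || return 1
    not_loosely_writable "$target" || return 1
    not_loosely_writable "$(dirname "$target")" || return 1
}

# Usage, with the rule from the answer above:
# audit_rule 'openhab ALL=(openhabian:openhabian) NOPASSWD: /home/openhabian/scriptname' \
#     && echo "rule is narrow and the script is not loosely writable"
```

The mode bits do not show who owns the file, so also confirm that the script and its directory are owned by openhabian or root rather than openhab.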
This is what I needed. Working great now! Thanks.