I want to run some exec command with sudo. But I can’t figure out which user i have to grant rights. I added
openhab ALL=NOPASSWD: ALL to visudo but I didn’t have any impact. Still can’t use sudo
If you installed openHAB using apt-get then you are running as the openhab user so adding it to visudo is the right way to go.
However, if your sudoers file has the following line, it is far better to create a new file in sudoers.d for each command you want to be able to execute without a password.
#includedir /etc/sudoers.d
Using sudo visudo -f commandName create a file. For example, I added openhab so it doesn’t require a password to start/stop a service through systemctl.
Command:
sudo visudo -f /etc/sudoers.d/systemctl
Contents:
openhab chimera = (root) NOPASSWD: /bin/systemctl
NOTE: chimera is the hostname of my machine.
Hello rlkoshak,
thanks for your answer. I added the line into /etc/sudoers.d/iphonedetect
openhab osmc-Nigel = (root) NOPASSWD: /etc/openhab/iphonedetect.sh
the content from iphonedetect.sh is currently
sudo echo “Abwesend”
Now when i set an item to
String sphone_christin “[%s]” (gMobiles) { exec=“<[/etc/openhab/iphonedetect.sh:12000:REGEX((.*?))]”}
and the resulting content is
We trust you have received the usual lecture from the local System Administrator…
We have reached the end of my knowledge but it looks like the sudo command is asking for some sort of acknowledgement or something like that.
Did you put openhab in group sudo?
adduser openhab sudo should do it…
I checked it at home and yes I already did …
The user
openhab' is already a member ofsudo’
maybe it’s an issue with osmc?
Okay finally got it. The openhab user needed to be changed in /etc/passwd from
openhab:x:109:113:openHAB runtime user,:/var/lib/openhab:/bin/false
to
openhab:x:109:113:openHAB runtime user,:/var/lib/openhab:/bin/bash
1 Like
You have to sudo once as user openhab manually, so that you can accept the agreement:
su openhab
#enter your password
sudo ls -l ~/
It doesn’t matter which command is sudoed 
Hi
The million dollar question is…
When OpenHab2 is installed on a Debian Linux system, what is the password for the created user ‘openhab’ ?
I’m trying to create two exec commands.
systemctl restart openhab2
and
reboot
Both require higher privileges than the normal user has.
Simple answer: There is no password for user openhab.
You have to use sudo.
- create your user (this is not openhab!). You have to be root to successfully create users. so
su
adduser usernameand answer the quesstions (you only need to set password and Full Name) - Add user to sudoers by adding them to usergroup
sudo
adduser username sudoto permit sudo access for user<username> - Login as user
username. -
sudo rebootand type your password, set for userusernameVoilà.
user openhab is not for common login, but only to execute openHAB2 (and all things, that openHAB2 will do)
Thanks Udo
I’m happy creating new users in Linux 
The problem I have is that if I’m trying to get the OpenHab2 instance to run a exec command that requires authentication (for example “reboot”, “systemctl restart openhab2” or “shutdown -r now”) the output from the command suggests that an interactive authentication is required.
FYI, executing a command line script to restart the Velbus TCP server works perfectly.
What I think we are all asking is…
“How can the OpenHab2 instance, that is running under the username “openhab” run exec commands that require root privileges.”
Can the OpenHab2 instance be started by a user with root privileges or can the user openhab be granted root privileges?
Add the openhab user to the sudo group. Or edit the sudoers file using visudo.
Thanks Rich
I followed your very detailed topic.
I’ve rebooted manually and upgraded to the latest OpenHab2 snapshot version and I keep getting the same exec output text.
I’ve added sudo to the beginning of the command and now I’m getting this output
sudo : no tty present and no askpass program specified sudo : no tty present and no askpass program specified
It’s not a big deal.
I can live without this feature, or I’ll try the “old method” that is mentioned in your topic.
Many thanks,
Stuart
- You have to configure sudo (for user openhab) not to ask for password.
- you have to use sudo as user openhab once through the console, as sudo will once ask for the knowledge, that with great power comes great responsibility.
The first point can be covered by using visudo and add a line like that:
openhab ALL=(ALL:ALL) NOPASSWD: /sbin/reboot, /sbin/poweroff
That will allow user openhab to use /sbin/reboot and /sbin/poweroff without typing a password. You have to use absolute paths, and it’s not a good idea to just allow all commands to be executed
the second point is a bit tricky, as openhab per default has no bash to login (for security reasons), so you have to force login:
sudo su -s /bin/bash openhab
sudo will ask you for yorur password (as openhab has none, and you can’t login without a password)
su will provide a login, using /bin/bash as console for user openhab. As su is started as user root, there will be no question about passwords.
Now you are logged in in a console as user openhab. just start sudo once:
sudo ls /
and sudo will give you a short message:
openhab@openhab2:/root$ sudo ls
Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die
Regeln erklärt hat. Normalerweise läuft es auf drei Regeln hinaus:
#1) Respektieren Sie die Privatsphäre anderer.
#2) Denken Sie nach, bevor Sie tippen.
#3) Mit großer Macht kommt große Verantwortung.
[sudo] Passwort für openhab:
(Sorry, german version…)
In fact, you won’t be able to execute this command, as it’s not in the nopasswd list, but the message is sent once, and that’s all. Try
sudo /sbin/reboot
and see if it works as intended.
1 Like
You can simply use sudo -u openhab /bin/bash. You don’t need the su.
Well, somewhere in there is the information I needed to get it to work.
Thank you gentlemen 
There were a lot of occasions where the SSH session I was working in (as root) was giving out error messages.
What I can say…
I now have an exec binding command that appears to reboot my machine
The exec binding command that worked is :-
sudo systemctl reboot -i
So that command, in combination with the sudoers configuration has worked.
Now I need to set the same feature up in two client’s machines.
Next stop is to try a similar command to get OpenHab2 to restart.
I will try
sudo systemctl restart openhab2 -iThe openhab restart command won’t work. The problem is when you run a command it runs in a shell. When you execute restart the shells opened by OH get terminated and any child process of those shells get terminated. Ultimately what happens in the restart command gets terminated before it has a chance to finish the restart of OH and OH never restarts. You need something outside of OH to restart the OH machine or restart the OH service.
1 Like
Excellent tip
I’ll forget trying to restart Openhab2 then
I’m a firm believer in the policy of “1 machine for 1 purpose”, so a reboot command will be more than enough.
FYI
Restarting VelServ is very rarely needed, so that is just a nice extra.
Thanks again for all your help.
You will have to use nohup…`I’m not sure though, where to place it…
nohup sudo systemctl restart openhab2
or
sudo nohup systemctl restart openhab2
?