However I get following message from ScriptResponse:
sudo: a terminal is required to read the password; either use the -S option to read class="afterFrom marked"> from standard input or configure an askpass helper
sudo: a password is required
@Wolfgang_S and @Oliver2 : Thank you ver much for your help… I am only now able to relpy as I was abroad…
I’m not sure if I fully understand what I need to do, I am correct that I only change
rule "Refresh"
when
Time cron "0 16 5 * * ? *"
then
var ScriptResponse = executeCommandLine(Duration.ofSeconds(60), "/home/openhabian/oh-bkup.sh")
end
to
rule "Refresh"
when
Time cron "0 16 5 * * ? *"
then
var ScriptResponse = executeCommandLine(Duration.ofSeconds(60), "openhab ALL= NOPASSWD: /home/openhabian/oh-bkup.sh")
end
and then I test it with:
sudo su -s /bin/bash openhab
/home/openhabian/oh-bkup.sh
However, it seems that I’m too stupid to succeed on this. So what I did was:
sudo visudo -f /etc/sudoers.d/myoverride: an editor is opening with no entries.
I add openhab ALL= NOPASSWD: /home/openhabian/oh-bkup.sh as only line
I save the file
I open shell with sudo su -s /bin/bash openhab
I enter /home/openhabian/oh-bkup.sh
Then following appears:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for openhab:
None of my passwords works… and anyway I would expect that script is executed without asking for a password.
using sudoers file is probably the better way here, but just to provide an alternative, you could use key-based authentication and copy it over ssh (e.g. using scp or rsync).
It’s silly to do it this way on the same host though, but it is nevertheless an alternative. However I’m guessing your NAS is a mounted directory of a remote NAS? If it supports ssh, then you could scp / rsync directly to it rather than to the mounted directory.
If your sudoers file isn’t working - do the usual linux troubleshooting, i.e. nothing to do with openhab. Check file ownership and file mode. Use debug / verbose mode, check logs, etc.
it executes the script. However, first I have to enter the password for sudo. When executing the script via the rule I still get this message in the log (i.e. requiring password)
sudo: a terminal is required to read the password; either use the -S option to read class="afterFrom marked"> from standard input or configure an askpass helper
sudo: a password is required
It is not magic. Short explanation:
The line you added to visudo does the following: From now on if you run sudo it looks up myoverride file and checks if it finds a match of
user (openhab in our case)
command (oh-bkup.sh in our case)
If it matches, sudo does not ask for a password. Could be regarded as a security issue if someone gets write access to that sh-script. He could do almost anything now without being asked for a password.
executeCommandline just needed to be configured correctly (sudo oh-bkup.sh) so that the entire script will be run under sudo (and without password).
If you reinstall openhab, no, you don’t need to do these changes
If you flash a new image, then certainly yes.
