There are situations where you want to use the Exec Binding to trigger something. Sometimes you need the sudo privilege to do this. I would rather try some group specification to reduce the user rights to a minimum, but here is how i got openHAB to be able to execute sudo.
Try executing a command as openhab
sudo -u openhab sudo -l We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for openhab:
As it is mentioned in this post there is no password.
So adding the user openhab to the sudoers with no password should help.
sudo visudo -f /etc/sudoers.d/010_pi-nopasswd
Adding following lines
openhab ALL=(ALL) NOPASSWD: ALL
Executing the sudo command now should display following.
As it is explained here this execution is necessary. see further below for more information.
sudo -u openhab sudo -l Matching Defaults entries for openhab on raspberrypi: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User openhab may run the following commands on raspberrypi: (ALL) NOPASSWD: ALL
Testing it from within OpenHAB, build a setting like explaind here and replace the thing command with
sudo nano /etc/openhab2/things/exec.things
Thing exec:command:remote-send [ command="sudo -l", interval=0, autorun=true]
Open the Karaf terminal execute the button on the page and follow the log
ssh -p 8101 openhab@localhost Password:habopen log:tail [INFO ] [marthome.event.ItemStateChangedEvent] - Remote_Send_Out changed from <xxx> to Matching Defaults entries for openhab on raspberrypi: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User openhab may run the following commands on raspberrypi: (ALL) NOPASSWD: ALL
So running a sudo command works. It should be advised to restrict the user rights of openhab to the commands you want to use like this. Have a look here for a small introduction.
sudo visudo -f /etc/sudoers.d/010_pi-nopasswd openhab ALL=(ALL) NOPASSWD: /path/to/file/to/execute/
If by any chance you see something like this
sudo: no tty present and no askpass program specified
in the log of OpenHAB you did not execute the sudo command for OpenHAB within a terminal as described above. I think as openhab is not enabled to login the first execution has to be done like explained or enabled by changing
sudo nano /etc/passwd openhab:x:111:116:openhab2 runtime user,,,:/var/lib/openhab2:/bin/bash
As i´m just getting familiar with this topic this are just my thoughts. I would apriciate every amendment or improvement by the pro openHAB user.
As explain in following link, on an example for reading the GPU temperature from a RPI, it is advised to find out why the command you want to execute need root rights. Find out to which group you need to add openhab to, instead of granting openhab all possible rights.