OpenHAB sudo [Exec Binding]

Sure, you have to use sudo:

openhab@openhab2:/lib/systemd/system$ sudo openhab-cli backup /home/kris/OH2Backup.zip
                                      ^^^^

The setting “NOPASSWD” in sudoers is to enable the user openhab to use the command “sudo” without password for a specific command, but you always have to call sudo.

2 Likes

Spoke too soon thats shown in the openhab console.

if i run the command in the rule , from the CLI it works just fine

sudo -u openhab sudo openhab-cli backup /home/kris/OH2Backup.zip

05:21:14.425 [INFO ] [.smarthome.model.script.Server Backup] - Backup Executed Sorry, user openhab is not allowed to execute '/usr/bin/sudo /etc/openhab2/scripts/backup.sh' as openhab on openhab2.ddns.net.

You don’t need to use sudo -u openhab in a rule, just use

sudo openhab-cli backup /home/kris/OH2Backup.zip

Again, works via CLI butnot the rule

05:32:59.112 [INFO ] [.smarthome.model.script.Server Backup] - Backup Executed Sorry, user openhab is not allowed to execute '/usr/bin/sudo /etc/openhab2/scripts/backup.sh' as openhab on openhab2.ddns.net.

rule "Backup OH2 ready for RClone, in the proceeding rule"
when
        Time cron "0 0 1 ? * * *"
then
        logInfo("Server Backup", "OH2 is being backed up")
        executeCommandLine("sudo openhab-cli backup /home/kris/OH2Backup.zip")
end

I have the following commands:

Thing exec:command:openHabRestart [command="sudo systemctl restart openhab2.service", interval=0, autorun=false]
Thing exec:command:openHabBackup  [command="sudo openhab-cli backup /var/lib/openhab2/backups/backup.zip", interval=0, autorun=false]

wich work fine when I add this line to sudoers:

openhab ALL=(ALL) NOPASSWD: ALL

But I don’t know how “dangerous” this could be in fact of an internet attac or something else. I don’t understand how I can give the user “openhab” permission to only run these commands. Can you please help me?

Thank you!

Yes, this is posiibly dangerous. Better set the correct command, see

1 Like

I hesitate to open a new topic but it’s exactly the same topic and i have almost tried everything in this thread

the openhab service getting restarted without reason

2019-10-30 12:46:33.818 [vent.ItemStateChangedEvent] - PR1_SensorLuminance_LastUpdate changed from 2019-10-30T11:40:31.000+0200 to 2019-10-30T12:46:33.755+0200

==> /var/log/openhab2/openhab.log <==
        at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:382) ~[?:?]
        at org.apache.felix.scr.impl.Activator.access$200(Activator.java:49) ~[?:?]
        at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:264) ~[?:?]
        at org.apache.felix.scr.impl.AbstractExtender.createExtension(AbstractExtender.java:196) ~[?:?]
        at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:169) ~[?:?]
        at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:49) ~[?:?]
        at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:482) ~[?:?]
        at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:415) ~[?:?]
        at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232) ~[?:?]
        at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:444) ~[?:?]
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:908) ~[?:?]
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) ~[?:?]
        at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEventPrivileged(EquinoxEventPublisher.java:213) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEvent(EquinoxEventPublisher.java:120) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEvent(EquinoxEventPublisher.java:112) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor.publishModuleEvent(EquinoxContainerAdaptor.java:168) ~[?:?]
        at org.eclipse.osgi.container.Module.publishEvent(Module.java:476) ~[?:?]
        at org.eclipse.osgi.container.Module.start(Module.java:467) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxBundle.start(EquinoxBundle.java:383) ~[?:?]
        at org.eclipse.osgi.internal.framework.EquinoxBundle.start(EquinoxBundle.java:402) ~[?:?]
        at org.apache.karaf.features.internal.service.BundleInstallSupportImpl.startBundle(BundleInstallSupportImpl.java:165) ~[?:?]
        at org.apache.karaf.features.internal.service.FeaturesServiceImpl.startBundle(FeaturesServiceImpl.java:1153) ~[?:?]
        at org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:1036) ~[?:?]
        at org.apache.karaf.features.internal.service.FeaturesServiceImpl.doProvision(FeaturesServiceImpl.java:1062) ~[?:?]
        at org.apache.karaf.features.internal.service.FeaturesServiceImpl.lambda$doProvisionInThread$13(FeaturesServiceImpl.java:998) ~[?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:?]
        at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: java.util.concurrent.TimeoutException: Total timeout 5000 ms elapsed
        at org.eclipse.jetty.client.HttpDestination$TimeoutTask.onTimeoutExpired(HttpDestination.java:527) ~[?:?]
        at org.eclipse.jetty.io.CyclicTimeout$Wakeup.run(CyclicTimeout.java:282) ~[?:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:?]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) ~[?:?]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) ~[?:?]
        ... 3 more
2019-10-30 12:38:13.728 [INFO ] [.googletts.internal.GoogleTTSService] - Using cache folder /var/lib/openhab2/cache/org.openhab.voice.googletts
2019-10-30 12:38:15.093 [WARN ] [.googletts.internal.GoogleTTSService] - Audio format OGG_OPUS is not yet supported.

i constated that when checking the openhab service status this error

  [14:26:36] openhab@openhabian:~/config/org/openhab$ sudo systemctl status openhab2
● openhab2.service - openHAB 2 - empowering the smart home
   Loaded: loaded (/usr/lib/systemd/system/openhab2.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-10-30 13:19:01 IST; 1h 15min ago
     Docs: https://www.openhab.org/docs/
           https://community.openhab.org
 Main PID: 25800 (java)
   CGroup: /system.slice/openhab2.service
           ├─21072 arping -w 5 -c 1 -I wlan0 209.58.128.135
           └─25800 /usr/bin/java -Dopenhab.home=/usr/share/openhab2 -Dopenhab.conf=/etc/openhab2 -Dopenhab.runtime=/usr/share/openhab2/runtime -Dopenhab.userdata=/var/lib/openhab2 -Dopenha

oct. 30 14:31:34 openhabian sudo[20140]: pam_unix(sudo:session): session closed for user root
oct. 30 14:31:44 openhabian sudo[20240]:  openhab : TTY=unknown ; PWD=/var/lib/openhab2 ; USER=root ; COMMAND=/usr/bin/python /etc/openhab2/scripts/Switcher-V2-Python/switcher.py 2
oct. 30 14:31:44 openhabian sudo[20240]: pam_unix(sudo:session): session opened for user root by (uid=0)
oct. 30 14:31:48 openhabian sudo[20240]: pam_unix(sudo:session): session closed for user root
oct. 30 14:32:48 openhabian sudo[20595]:  openhab : TTY=unknown ; PWD=/var/lib/openhab2 ; USER=root ; COMMAND=/usr/bin/python /etc/openhab2/scripts/Switcher-V2-Python/switcher.py 2
oct. 30 14:32:48 openhabian sudo[20595]: pam_unix(sudo:session): session opened for user root by (uid=0)
oct. 30 14:32:52 openhabian sudo[20595]: pam_unix(sudo:session): session closed for user root
oct. 30 14:33:52 openhabian sudo[20909]:  openhab : TTY=unknown ; PWD=/var/lib/openhab2 ; USER=root ; COMMAND=/usr/bin/python /etc/openhab2/scripts/Switcher-V2-Python/switcher.py 2
oct. 30 14:33:52 openhabian sudo[20909]: pam_unix(sudo:session): session opened for user root by (uid=0)
oct. 30 14:33:56 openhabian sudo[20909]: pam_unix(sudo:session): session closed for user root

see below sudo visudo

This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

dataplicity ALL=(ALL) NOPASSWD: /sbin/reboot
#openhab ALL=NOPASSWD: /etc/openhab2/scripts/*

i have created a file

sudo visudo -f /etc/sudoers.d/nopasswordneeded
with only this row but i am still getiing this issue

openhab ALL=(ALL) NOPASSWD: ALL

i know that i should limit the scope of the openhab user as below but it do not work

openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_gil_work.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_gil_home.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_karen_work.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_karen_home.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_netanyatoraanana.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/w_raananatonetanya.py
openhab openhabian ALL=(ALL) NOPASSWD: /usr/bin/python /etc/openhab2/scripts/Switcher-V2-Python/switcher.py

Any ideas?

Hi all,

I know this is old topic but it is very related to what I am trying to do.
I am trying to restart service that is running on the same rPi 4 as the openhabian but I can’t doesn’t work.
I created file in the etc/sudoers.d containing the following:

openhab ALL=(ALL) NOPASSWD: /bin/systemctl start ring
openhab ALL=(ALL) NOPASSWD: /bin/systemctl restart ring
openhab ALL=(ALL) NOPASSWD: /bin/systemctl status ring

I did try to execute the commands as openHab user via the ssh connection and it works fine:

  1. Login as openhab as described above
  1. I do not get any prompts for password when I execute the commands defined in the openhab sudoers file via ssh connection. The commands execute correctly:

    [01:07:07] openhab@openHABianDevice:/etc/sudoers.d$ sudo systemctl restart ring
    [01:20:33] openhab@openHABianDevice:/etc/sudoers.d$ sudo /usr/bin/systemctl status ring
    ● ring.service - Ring Service
       Loaded: loaded (/lib/systemd/system/ring.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2021-01-28 01:20:33 CET; 3s ago
     Main PID: 17152 (python3)
        Tasks: 1 (limit: 4915)
       CGroup: /system.slice/ring.service
               └─17152 /usr/bin/python3 /opt/ring/ring.py
    
  2. I configured the exec binding as follows (I tried different variations of the commands with or without the path /bin/ or /usr/bin/ before sudo and systemctl). All the commands were whitelisted:

      Thing exec:execRingStart:remote-send [
                 command="sudo systemctl restart ring",
                 interval=0,
                 autorun=true]
    
      Thing exec:execRingStatus:remote-send [
                 command="sudo systemctl status ring",
                 interval=0,
                 autorun=true]
    

My rules are as follows:

rule "ring:Service restart"
when
    Item itmRingHeartbeatON received update OFF or
    Time cron "0 0/5 * 1/1 * ? *"   // Test every 5 minutes
then
    //if (itmRingHeartbeatON.state != ON) {
        Ring_Remote_Send.sendCommand(ON)
        logInfo("FILE","ring:Service restart| Restart ring service")
        
        Thread::sleep(3000)
        logInfo("FILE","ring:Service restart| Result :" + Ring_Remote_Send_Out.state)
        Ring_STSRemote_Send.sendCommand(ON)

        Thread::sleep(3000)
        logInfo("FILE","ring:Service restart| Result :" + Ring_STSRemote_Send_Out.state)
   // }
end


rule "ring:Service restart2"
when
    Item TestSwitch received update ON
then
    val results = executeCommandLine("/bin/sudo /bin/systemctl restart ring")
    logInfo("Test", results)

end

When I execute the first rule nothing happens (I don’t see any errors in the log, but also the service is not restarted)

2021-01-28 01:05:00.289 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'Ring_Remote_Send' received command ON
2021-01-28 01:05:00.291 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item 'Ring_Remote_Send' predicted to become ON
2021-01-28 01:05:03.307 [INFO ] [openhab.event.ItemCommandEvent      ] - Item 'Ring_STSRemote_Send' received command ON
2021-01-28 01:05:03.310 [INFO ] [penhab.event.ItemStatePredictedEvent] - Item 'Ring_STSRemote_Send' predicted to become NULL

when I execute the 2nd which is there only for testing, I get exception:

2021-01-28 01:18:04.957 [WARN ] [rg.openhab.core.io.net.exec.ExecUtil] - Error occurred when executing commandLine '[/bin/sudo /bin/systemctl restart ring]'
java.io.IOException: Cannot run program "/bin/sudo /bin/systemctl restart ring": error=2, No such file or directory
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1128) ~[?:?]
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1071) ~[?:?]
	at org.openhab.core.io.net.exec.ExecUtil.executeCommandLine(ExecUtil.java:59) [bundleFile:?]
	at org.openhab.core.model.script.actions.Exec.executeCommandLine(Exec.java:40) [bundleFile:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1176) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1151) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._invokeFeature(XbaseInterpreter.java:1137) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeFeature(XbaseInterpreter.java:1082) [bundleFile:?]
	at org.openhab.core.model.script.interpreter.ScriptInterpreter.invokeFeature(ScriptInterpreter.java:151) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:992) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:955) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:236) [bundleFile:?]
	at org.openhab.core.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:226) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:216) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:917) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:276) [bundleFile:?]
	at org.openhab.core.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:226) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:216) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:459) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:240) [bundleFile:?]
	at org.openhab.core.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:226) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:216) [bundleFile:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.evaluate(XbaseInterpreter.java:202) [bundleFile:?]
	at org.openhab.core.model.script.runtime.internal.engine.ScriptImpl.execute(ScriptImpl.java:80) [bundleFile:?]
	at org.openhab.core.model.script.runtime.internal.engine.DSLScriptEngine.eval(DSLScriptEngine.java:125) [bundleFile:?]
	at org.openhab.core.automation.module.script.internal.handler.ScriptActionHandler.lambda$0(ScriptActionHandler.java:62) [bundleFile:?]
	at java.util.Optional.ifPresent(Optional.java:183) [?:?]
	at org.openhab.core.automation.module.script.internal.handler.ScriptActionHandler.execute(ScriptActionHandler.java:59) [bundleFile:?]
	at org.openhab.core.automation.internal.RuleEngineImpl.executeActions(RuleEngineImpl.java:1179) [bundleFile:?]
	at org.openhab.core.automation.internal.RuleEngineImpl.runNow(RuleEngineImpl.java:1031) [bundleFile:?]
	at org.openhab.core.automation.internal.RuleEngineImpl.runNow(RuleEngineImpl.java:1047) [bundleFile:?]
	at org.openhab.core.automation.rest.internal.RuleResource.runNow(RuleResource.java:314) [bundleFile:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) [bundleFile:1.0.9]
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [bundleFile:1.0.9]
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201) [bundleFile:1.0.9]
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104) [bundleFile:1.0.9]
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [bundleFile:1.0.9]
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [bundleFile:1.0.9]
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [bundleFile:1.0.9]
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [bundleFile:1.0.9]
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) [bundleFile:1.0.9]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) [bundleFile:1.0.9]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [bundleFile:3.1.0]
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) [bundleFile:1.0.9]
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:852) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:544) [bundleFile:9.4.20.v20190813]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [bundleFile:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:536) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1581) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1307) [bundleFile:9.4.20.v20190813]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:293) [bundleFile:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:482) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1549) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1204) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [bundleFile:9.4.20.v20190813]
	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [bundleFile:?]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.Server.handle(Server.java:494) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:374) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:268) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) [bundleFile:9.4.20.v20190813]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) [bundleFile:9.4.20.v20190813]
	at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.io.IOException: error=2, No such file or directory
	at java.lang.ProcessImpl.forkAndExec(Native Method) ~[?:?]
	at java.lang.ProcessImpl.<init>(ProcessImpl.java:340) ~[?:?]
	at java.lang.ProcessImpl.start(ProcessImpl.java:271) ~[?:?]
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1107) ~[?:?]
	... 89 more

Any ideas?
Thanks

It’s generally better to start a new thread (including all of the information that’s requested in the template) and reference any old threads that may be relevant. There are many threads that are relevant to what you want to do, but I’ll point you to the tutorial I wrote for OH2.

executeCommandLine is part of the core, so if you just want to send a shell command then you don’t actually need the Exec Binding. You just need your second rule.

I’m guessing that you’re on OH3, in which case you aren’t using the proper syntax. It’s one of a few breaking changes that you need to keep in mind when looking at old discussions that were written for OH2.

Thanks @rpwong,
You are right, I am on OH3 so, putting the quotes solved the problem with my 2nd rule

val results = executeCommandLine("sudo", "systemctl", "restart", "ring")

Good stuff.

No one’s going to mind if you start a new thread and link to an old one you think might be useful, but when you revive an old thread you’ll find that people are less likely to jump in since they don’t want to read the whole thing. Luckily, I was able to guess that you’re on OH3 and quickly spot the problem. :wink:

1 Like

Thanks, will do so the next time

Hi all!

I can’t solve my “sudo” problem even though I’ve been trying for many hours. I am using openHAB 2.5.11-1
I use the following Exec Binding Definition in my things file:

Thing exec: command: ipc_ns_read [command = "perl /opt/TM/x.pl",transform="REGEX((.*?))", Interval = 3, timeout = 5, autorun = true] 

It works great! Now I’m trying to use “sudo” in my command because I’ll need that later.

Thing exec: command: ipc_ns_read [command = "sudo perl /opt/TM/x.pl",transform="REGEX((.*?))", Interval = 3, timeout = 5, autorun = true] 

The return value of the item is:

"We trust you have received the usual lecture from the local System ........ etc."

Calling the script from the command line as user openhabian works without any problems:

openhabian @ openHABianDevice: ~ $ sudo perl /opt/TM/x.pl

The following line is entered in /etc/sudoers.d/openhabian:

openhabian ALL = (ALL: ALL) NOPASSWD: ALL

I don’t understand why it works from the shell command line and not in the exec binding. Does anyone have a helpful idea?

Thanks Tom

Perhaps it’s not running under user openhabian. The end of the “lecture” message will tell you.

Thanks for your response!

The end of the lecture is sudo: no tty present and no askpass program specified

I do not understand what this means about the running user.
If I create a new file in my script it is created under the user ‘openhabian’

Oh yes, that’s less helpful than I imagined.

You logged into the console is not necessarily the same user that the openhab service is running under.

Oh! Can you help me to find out which user the openhab service is running?
I thought the user who created a file is the right one.

Thanks, Tom

No, I don’t know *nix systems.

If you look further up the thread you joined, you’ll see that ‘openhab’ would be a good guess.

I’d like to add a beautiful way to debug the command when something doesn’t work. The exec binding includes an output channel that contains the last output.
By binding output to an item, you will se the output of the executed command in the common log.
By using the expire binding, it can reset afterwards so that the same output will show up for each execution in the log.
Working example for OH3, where the service now is called “openhab.service” without the “2”:

Prerequisite: Install the exec binding.

Terminal:

> sudo visudo /etc/sudoers.d/010_pi-nopasswd
Cmnd_Alias SHUTDOWN_CMDS = /bin/systemctl restart openhab.service
openhab ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS

misc/exec.whitelist:

sudo /bin/systemctl restart openhab.service

things/system.things

Thing exec:command:openhab_restart [command="sudo /bin/systemctl restart openhab.service", interval=0, autorun=true]

items:

Switch openhab_restart "Restart Openhab" {channel="exec:command:openhab_restart:run"}
String openhab_restart_output "Restart Openhab" {channel="exec:command:openhab_restart:output",expire="1s,command=done"}
Number openhab_restart_exit "Restart Openhab" {channel="exec:command:openhab_restart:exit",expire="1s,command=0"}

sitemap:

Switch item=openhab_restart mappings=[ON="Restart"]
3 Likes

An other root cause for this message can be the sequence of defined entries in sudoers file.
if the output of

sudo -u openhab sudo -l

shows

Matching Defaults entries for openhab on pi:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, env_keep+=NO_AT_BRIDGE

User openhab may run the following commands on pi:
    (ALL) NOPASSWD: /home/alexa/sip.sh
    (ALL : ALL) ALL

instead of

Matching Defaults entries for openhab on pi:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, env_keep+=NO_AT_BRIDGE

User openhab may run the following commands on pi:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: /home/alexa/sip.sh

then a password is required to be entered.
In case the second output is shown a password needs to be entered for any other command to be executed than sip.sh.