Openhab2 - Linux Script

I wrote a Linux script to reboot my Odroid running Ubuntu.
I set up an item and a rule to run it.

The script is:

#!/bin/bash
sudo reboot "System is going down for reboot"

If I run this directly from the shell, it reboots my Odroid.
If I run this via a rule:

executeCommandLine("bash /etc/openhab2/ShutDown.sh")

It says it ran in the openhab log, but it never reboots.

I have the permissions set on this thing as: rwsrwxrwx. The owner and the group is openhab.
It used to be rwxrwxrwx. A friend suggested I follow this:
http://linuxg.net/how-to-set-the-setuid-and-setgid-bit-for-files-in-linux-and-unix/

I have no idea why this script won’t run; others I have will.

I think that the openhab user does not have shutdown privileges by default (not even a bash shell). The executeCommandLine entries in the rule are being executed as the openhab user.

By the way: the owner of the script should be root (so that it is running with root privileges when it is executed by any other user)

You could add the user to the sudoers group (usermod -aG sudo openhab) but the system will still ask you for a password when you try to reboot the machine.

(deleted)
Warning: This is making the openhab user root effectively… not very secure… :slight_smile:

For more info:
https://debian-administration.org/article/33/Giving_ordinary_users_root_privileges_selectively

Thanks! One thing that is confusing:
Then in the users section we will define a user who will be able to execute this command:

skx ALL = SHUTDOWN

Is the “users section” they refer to the User Privilege section or the User Alias section?

User Privilege

It actually doesn’t really matter where you place it within the /etc/sudoers file (you edit this file by: sudo visudo)
If it is there, it will work :slight_smile:

Just a little “anecdote”: I’ve deliberately not added this solution to the official linux docs article as this is really not what one should do lightly. Most of the time, there is a way to accomplish something without using sudo / special privileges.

@milty456 In the case of shutdown, you could use sudo but restrict the privilege to the shutdown command only. Another solution would be to add the s-bit to make only this one command executable by non-privileged users (no sudo needed). https://ubuntuforums.org/showthread.php?t=963124

Thanks…I’ve tried the sbit thing…see original post with the link…that didn’t work either.

Also tried DIM’s suggestion of sudoers and it doesn’t work.

Essentially I want to push a button on a sitemap to reboot my Odroid from time to time.
Obviously it needs certain privileges, and a button push means I can’t enter the password, so it has to be able to run the script that has the reboot command.

I also didn’t implement the ALL; I did this:

openhab ALL = NOPASSWD: REBOOT

Just to be clear, setting the owner of a script to root does not mean that other users who execute it become root when they run it. It just lets you set the permissions so that only root can run it.

Setting the s-bit like @ThomDietrich recommends is how one makes a script run as another user.

OK, well, besides trying everything I’ve read to no avail, I’ve horked something up big time.

I was editing sudoers with sudo nano sudoers
and it was fine; I could edit it.

I noticed sudoers.d
I went in there and typed visudo
It opened up some file…it was weird
I exited out

Now, when I try to sudo nano sudoers I get this

I can’t even execute a sudo reboot at this point, I get the same error

Maybe it’s this? Need some Linux expertise to help me recover from this
https://www.symantec.com/security_response/vulnerability.jsp?bid=1959

Think I got it back to where I was (not being able to execute script from OH2)
I had to log in as root and get that file out of the sudoers.d directory
Seems to have fixed my current issue of not being able to do anything.
This stuff is dangerous :slight_smile:

:slight_smile: I wrote that you should use visudo to modify that file (it actually checks the file syntax before actually overwriting the sudoers file).

try the following (as root):

cp /etc/sudoers /etc/sudoers.bak
vim /etc/sudoers.bak
(fix the wrong syntax)
cp /etc/sudoers.bak /etc/sudoers
visudo

If you can log in as root…
If not… the solution is more complex (but exists)

OH NOOOOOOOOOOOOOOOOOOOOOOO

:frowning:

You my friend are borked.

So if you introduce an error to the sudoers files you basically kill sudo on your system. And if your system doesn’t allow login as root you have to go to extreme measures to fix this. I had an ssh session fail on me while editing sudoers on an Ubuntu machine. I had to boot to a live cd, chmod the running environment over to the hard drive and visudo to fix the problem.

Oh good, looks like you recovered much easier than I did.

OK, I have a new issue
I logged in with root
I did visudo

and now I’m stuck…it opens this…and I can’t exit out of it…this is the exact same way I got into the previous situation…I closed out the terminal and it caused it…how do I exit this and not save so I don’t do this again?

I think I got out of that mess too…I guess the default editor is joe editor…some weird editor
I got out of it and it didn’t save anything so I think I’m good

That is what visudo does for you. If you exit out of the editor the changes do not get saved.

However, you still need to identify your error (look for “–”) and fix it to fully correct the problem.

Ok… i think that I will delete all my previous posts in this thread (with pointers to modify the sudoers file) to avoid people bricking their linux systems :slight_smile: Careful with this stuff people ! :blush:

On the other hand… if you don’t break something… you won’t learn how it works :wink:

I agree…and I’m breaking a lot…next issue…trying to fix the sudoers file
Appreciate everyone’s help…cause I feel like I’m drowning here.
When I run:
visudo sudoers I get this now:

What is it asking me to do?

simple visudo is enough (not visudo sudoers)

A small suggestion: Keep one session open to your system as root (don’t logout from it or reboot the system before testing it) and take a small break to cool down.

Then, open up a new session as root to modify stuff and keep as backup the first logged in root session.
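
Two points come out of the thread: restrict the openhab account to the single reboot command, and let visudo check any sudoers change before it goes live. The sketch below does both for a drop-in under /etc/sudoers.d. It is an added example, not code from any poster; the account name `openhab`, the path `/sbin/reboot` and the drop-in name `openhab-reboot` are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: account "openhab",
# reboot binary at /sbin/reboot, drop-in name "openhab-reboot".

# make_rule USER COMMAND: print one sudoers line allowing USER to run COMMAND
# as root, without a password and with no arguments. Returns 1 on bad input.
make_rule() {
    user=$1 cmd=$2
    # Plain account names only: no spaces, commas or alias syntax.
    case $user in ''|*[!a-z0-9_-]*) return 1 ;; esac
    # Absolute path only, with no wildcards or spaces.
    case $cmd in /*) ;; *) return 1 ;; esac
    case $cmd in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    # The trailing "" tells sudo the command may be run only without arguments.
    printf '%s ALL = (root) NOPASSWD: %s ""\n' "$user" "$cmd"
}

# install_rule USER COMMAND [DEST]: write the rule to a temp file, let visudo
# check it, and copy it into place only if the check passes (must run as root).
install_rule() {
    user=$1 cmd=$2
    # sudo skips drop-in names that contain "." or end in "~".
    dest=${3:-/etc/sudoers.d/openhab-reboot}
    tmp=$(mktemp) || return 1
    if ! make_rule "$user" "$cmd" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # -c = check only, -f = check this file instead of /etc/sudoers.
    if ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 2      # rejected: live configuration untouched
    fi
    install -o root -g root -m 0440 "$tmp" "$dest"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Stand-alone use:  sh this-file --install   (as root)
if [ "${1:-}" = "--install" ]; then
    install_rule openhab /sbin/reboot
fi
```

With this rule sudo accepts only `sudo /sbin/reboot` with no arguments from the openhab account, so a call that passes a message string, as the script at the top of the thread does, is refused.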