After a year of learning I’m setting up my new openHAB / Homematic environment with openHABian (btw: BIG KUDOS to the team, you need to setup openHAB manually first to appreciate openHABian).
I’ve learned last year, that it isn’t a good idea to power up Homematic and openHAB same time uncoordinated, because Homematic is getting problems, when openHAB tries to establish the gateway while Homematic startup hasn’t finished yet. Therefore I have a script, that stops openHAB via ssh, starts Homematic, wait a few minutes and starts openHAB via ssh again. This procedure requires a change in /etc/sudoers, like …
That worked well for a year… Unfortunately in my freshly setup openHABian the NOPASSWD directive is ignored in openHABian so I have to implement a dirty work around, which involves having my supersecret password plaintext in a script:
How did you change that? the official sudo way is to use the edit command visudo to avoid any issues and be successfully reloaded. You need to log out and in again for the changes to take effect, IIRC.
Of course I’ve used visudo and I’ve logged out as well. More than that, I’ve copy-pasted the lines from my running configuration where this procedure worked well.
No. OS base has changed since last year (to Raspbian Buster), possibly they changed something there, but there was no intentional change in openHABian (no unintentional one, either) on sudo functionality.
Btw you don’t have to use aliases, and you don’t have to restrict commands available to your use (not much point in that anyway on a single user machine …) so you can use simple lines like
[10:42:07] root@openhabianpi:/etc/sudoers.d# cat 010_pi-nopasswd
pi ALL=(ALL) NOPASSWD: ALL
openhabian ALL=(ALL) NOPASSWD: ALL
I’d suggest to use systemd to create a dependency of Homematic to start on openHAB being up and running. Cannot explain systemd in a nutshell here though, so take your time to google/read up on that yourself.
But this does not apply to user openhab.And sudo rights given to openhab should be limited to just the commands needed. Otherwise anyone with access to your OH REST API can execute any command as root on that machine.
Good idea! I will considerate that for Version 3 of my home automation. But at first hand a system should work as supposed to and I’m still curious why openHABian’s Buster doesn’t behave like my Mosquitto broker’s Buster.