First, THANK YOU for using visudo. I’m always amazed at how many people don’t and then argue with me after they trash their system that they like nano better.

Secondly, please don’t give OH permission to run anything with sudo without password. You may as well run OH as root. Replace the last ALL with the full path to the command that you want OH to be able to run without password, which in this case would be the path to your backup.sh script. This will allow the openhab user to only run that one command without a password, all others will require a password.

Hi Rich

Like so?

openhab ALL=(ALL) NOPASSWD: /etc/openhab2/scripts/backup.sh

That looks right.

Hi Rich

trying to expand on this to allow ‘openhab-cli backup’ be executed by the openhab user, rather than requiring a password for sudo.

I made this change:

openhab ALL=(ALL) NOPASSWD: /etc/openhab2/scripts/backup.sh
openhab ALL=(ALL) NOPASSWD: /usr/bin/openhab-cli

but it appears executing that from the command line still requires a password. Any thoughts?

By default the openhab-cli script is owned by root:root

How would i be able to have openhab user execute that?

I think you can list the commands all on one line separated by a comma.

openhab ALL=(ALL) NOPASSWD: /etc/openhab2/scripts/backup.sh, /usr/bin/openhab-cli

If that doesn’t work, you can create an alias. See

• https://help.ubuntu.com/community/Sudoers
• https://www.sudo.ws/man/1.8.17/sudoers.man.html

Thanks Rich, im not sure its working

kris@openhab2:~$ sudo -u openhab openhab-cli backup

#########################################
openHAB 2.x.x backup script
#########################################

Please run this script as root! (e.g. use sudo)
kris@openhab2:~$

if I run it as root, it works and doesnt ask for a password but I assume its using root:root

You are missing a sudo.

The sudo -u openhab part of the line runs the script as the openhab user. Then you want to run sudo openhab-cli backup to start as the openhab user and test that openhab can call that script with sudo.

sudo -u openhab sudo openhab-cli backup

Goodness!

OK. It appears the visudo modification didnt work. Time to look at an alias - i assume a command alias?

kris@openhab2:~$ sudo -u openhab sudo openhab-cli backup
[sudo] password for kris:
kris@openhab2:~$

I’m trying to replicate the @@ space replacement in executeCommandLine, but can’t get it working.
curl command works directly from openHab commandline, so user rights should be sufficient.
Running the rule doesn’t do what it should supposed to.

image.png2413×1349 211 KB

rule "Write NordPool energy prices to Influxdb"
		when 
			Item Renew_price changed
		then
			//executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=999@@1435362189575692185'")
 			executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=999@@1435362189575692185'")

            //logInfo("Write NordPool energy prices to Influxdb", results)
end

log:

2019-03-23 21:47:41.662 [INFO ] [lipse.smarthome.io.net.exec.ExecUtil] - executed commandLine '[curl, -i, -XPOST, 'http://192.168.50.30:8086/write?db=openhab_db', --data-binary, 'NP_Electricity_price_test, value=999, 1435362189575692185']'

what is the secret of passing the command with executeCommandLine?

Add a time out argument to the call to executeCommandLine in milliseconds and log out the result of the call. If curl is returning an error it is almost certainly printing an ear message and that will let you see the message.

i did change the rules to the following:

rule "Write NordPool energy prices to Influxdb"
		when 
			Item Renew_price changed
		then
			//executeCommandLine("curl -i -XPOST 'http://192.168.50.30:8086/write?db=openhab_db' --data-binary 'NP_Electricity_price_test value=999 1435362189575692185'",5000)
 			executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=999@@1435362189575692185'@@",1000)
            logInfo("Write NordPool energy prices to Influxdb","results")
end

log:

2019-03-24 11:02:36.577 [vent.ItemStateChangedEvent] - Renew_price changed from ON to OFF

==> /var/log/openhab2/openhab.log <==

2019-03-24 11:02:36.707 [INFO ] [e NordPool energy prices to Influxdb] - results

command did not execute, as previously.

I’m trying to follow your reference documentation:
https://community.openhab.org/t/how-to-solve-exec-binding-problems/18131

I have updated my rule a bit to get the results.

rule "Write NordPool energy prices to Influxdb"
		when 
			Item Renew_price changed
		then
			//executeCommandLine("curl -i -XPOST 'http://192.168.50.30:8086/write?db=openhab_db' --data-binary 'NP_Electricity_price_test value=919 1435362189575692186'",5000)
 			val results = executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=919@@1435362189575692186'", 1000)
            logInfo("NPpriceDB.rules",results)
end

log:

2019-03-24 13:10:31.717 [INFO ] [arthome.model.script.NPpriceDB.rules] - curl: (1) Protocol "'http" not supported or disabled in libcurl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: value=919

curl: (6) Could not resolve host: 1435362189575692186'

Same rule without spaces @@ replacement:

rule "Write NordPool energy prices to Influxdb"
		when 
			Item Renew_price changed
		then
			val results = executeCommandLine("curl -i -XPOST 'http://192.168.50.30:8086/write?db=openhab_db' --data-binary 'NP_Electricity_price_test value=919 1435362189575692180'",5000)
 			//val results = executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=919@@1435362189575692186'", 1000)
            logInfo("NPpriceDB.rules",results)
end

gives timestamp error.
log:

2019-03-24 13:23:35.246 [INFO ] [arthome.model.script.NPpriceDB.rules] -   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

100   162  100   105  100    57  17549   9526 --:--:-- --:--:-- --:--:-- 21000

HTTP/1.1 400 Bad Request

Content-Type: application/json

Request-Id: 43562332-4e27-11e9-8309-b827eb81a147

X-Influxdb-Build: OSS

X-Influxdb-Error: unable to parse '"NP_Electricity_price_test value=919 1435362189575692180"': bad timestamp

X-Influxdb-Version: 1.7.4

X-Request-Id: 43562332-4e27-11e9-8309-b827eb81a147

Date: Sun, 24 Mar 2019 11:23:35 GMT

Content-Length: 105

{"error":"unable to parse '\"NP_Electricity_price_test value=919 1435362189575692180\"': bad timestamp"}

also I see that quotation marks have switched from single quote to double quote.

this one worked:

rule "Write NordPool energy prices to Influxdb"
		when 
			Item Renew_price changed
		then
			val results = executeCommandLine("curl@@-i@@-XPOST@@http://192.168.50.30:8086/write?db=openhab_db@@--data-binary@@NP_Electricity_price_test value=919 1435362189575692180@@",5000)
 			//val results = executeCommandLine("curl@@-i@@-XPOST@@'http://192.168.50.30:8086/write?db=openhab_db'@@--data-binary@@'NP_Electricity_price_test@@value=919@@1435362189575692186'", 1000)
            logInfo("NPpriceDB.rules",results)
end

log:

2019-03-24 14:11:59.474 [INFO ] [arthome.model.script.NPpriceDB.rules] -   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

100    55    0     0  100    55      0   3358 --:--:-- --:--:-- --:--:--  3666

HTTP/1.1 204 No Content

Content-Type: application/json

Request-Id: 06646066-4e2e-11e9-85d2-b827eb81a147

X-Influxdb-Build: OSS

X-Influxdb-Version: 1.7.4

X-Request-Id: 06646066-4e2e-11e9-85d2-b827eb81a147

Date: Sun, 24 Mar 2019 12:11:59 GMT

I removed all internal quote marks and I don’t understand how this could work as curl command needs those according to syntax. Totally illogical solution…

I don’t think the double quotes you are seeing are coming from your command. I think curl is adding them to say “I can’t parse the stuff between the double quotes”. Beyond that I won’t be if much more help. I don’t use curl that much. I don’t use executeCommandLine that much either so I’m out of ideas for how to help.

Hej there,

looking at our code, I was wondering about the timers behavior if you don’t send arguments like “now.plusMinutes(5)”. When will the timer expire?

Thank you

Sorry, that’s going back a while…
Which code?

For what it’s worth, I just got executeCommandLine running under Centos 7 with selinux enabled. These are my notes:

To execute commands in rules using executeCommandLine (“command”, [timeout]), you need to add the openhab and the desired commands
to the sudoers file using:

visudo

At the bottom of the file add:

#add openhab
openhab i7NUC=(root) NOPASSWD: /usr/bin/echo, etc…

Then edit the entry for openhab in /etc/passwd to set the shell as bash:

openhab:x:996:994::/var/lib/openhab2:/bin/bash

Then change the uid and gid logon thresholds to allow openhab to sudo in /etc/login.defs

UID_MIN 996
.
.
.
GID_MIN 994

Then update the pam auth stuff via:

authconfig --update

Next add the following lines to /etc/pam.d/sudo

Fixing ssh “auth could not identify password for [username]”

auth sufficient pam_permit.so

NOTE!!  If you need to do things like > or |, write a script and send it the command line parameters, adding the full script path to the sudoers file via visudo

Same problem. most of my calls to executeCommandLine now longer work today.

I have not updated OH runtime or bindings, but I keep finding v2.5.10 bindings installed, and my system is still at 2.5.2.