Release Automation

Expand all | Collapse all

Run As a different user

  • 1.  Run As a different user

    Posted 04-20-2015 11:33 AM

    Hello,

            I have a scenario where my agent is running as user A and i want to perform some installations / tasks as a different user, say user B. Now, user B is a local user on that linux machine.

    Also, I do not know the password for that particular user, so i cannot use the set credentials. (i know them for now, but wouldn't when it is moved to production)

     

    Now, what i tried doing is, setup ssh keys between the agent user. user A and user B using ssh-keygen -t rsa and added the key to the authorized_keys for user B.

     

    Later i configured an action which has the credentials set as userB@hostname with a blank password. I expected this to work.

    But it says cannot open an ssh connection, auth failed.

     

    Is there a way i can run a process as a different user without knowing the other user's password? Is the ssh keys setup the right approach to try to execute an action as a different user?!

    Has anybody experienced a scenario such as this?! I would be grateful for any help...

     

     

    Some more information.

     

    When i read up on the way the user credentials work when specified on an action. It mentions that it uses SSH to connect to verify the user credentials.

    Where does it SSH to to verify the user?!

     

    From my understanding the execution server passes on the workflow to the Agent and the agent executes them.

     

    For example. I have an execution server which has 1 agent.

    The agent is running under a specific user. Say, user A, i want to perform some installation / import of DB using a user B which is a local user on the same machine as the agent is.

    I do not know the password of user B so I setup an SSH keypair between user A and user B on the same machine.

     

    Then i specify an action which is doing a directory listing. Now, the action would run under user A unless i specify credentials. Since i do not have credentials so I just set the username as user B@ localhost /hostname hoping that the verification of the user B happens only locally.

     

    Is this even the right approach?!

     

     

    Thanks and Warm Regards,

    Hrishi

     

    Message was edited by: Hrishikesh Deodhar



  • 2.  Re: Run As a different user

    Posted 05-01-2015 06:32 AM

    Hi 


    You might want to check what faculty is available on the machine. 


    The quickest way is to use expect utility and run using bash

    #!/usr/bin/expect
     set timeout 20
    
    set user [lindex $argv 0] 
     set password [lindex $argv 1] 
    
    spawn su $user 
    
    expect "Password:" 
    
    send "$password\r";
     
    interact