Show Table of Contents
4.4. Using sudo with JBoss ON Operations
The time to use
sudo is for long-running operations, such as starting a service or a process, or for scripts which are owned by a resource user. The user which executes the script should be the same as the resource user because that user already has the proper authorization and permissions.
The user can really be the same, or the JBoss ON user can be granted
sudo rights to the given command.
When elevating the agent user's permissions, two things must be true:
- There can be no required interaction from the user, including no password prompts.
- It should be possible for the agent to pass variables to the script.
To set up
sudo for resource scripts:
- Grant the JBoss ON agent user
sudorights to the specific script or command. For example, to run a script as thejbossadminuser:[root@server ~]# visudo jbosson-agent hostname=(jbossadmin) NOPASSWD: /opt/jboss-eap/jboss-as/bin/*myScript*.sh
Using theNOPASSWDoption runs the command without prompting for a password.Important
JBoss ON passes command-line arguments with the start script when it starts an EAP instance. This can be done either by including the full command-line script (including arguments) in thesudoersentry or by using thesudo -uuser command in a wrapper script or a script prefix.The second option has a simplersudoersentry - Create or edit a wrapper script to use. Instead of invoking the resource's script directly, invoke the wrapper script which uses
sudoto run the script.Note
For the EAP start script, it is possible to set a script prefix in the connection settings, instead of creating a separate wrapper script:/usr/bin/sudo -u jbosson-agent
For example, for a start script wrapper,start-myScript.sh:#!/bin/sh # start-myScript.sh # Helper script to execute start-myConfig.sh as the user jbosson-agent # sudo -u jbosson-agent /opt/jboss-eap/jboss-as/bin/start-myConfig.sh
- Create the start script, with any arguments or settings to pass with the
run.shscript. For example, forstart-myConfig.sh:nohup ./run.sh -c MyConfig -b jonagent-host 2>&1> jboss-MyConfig.out &
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.