Run command as not-root

Hi everyone

At work, I have to run a command in an AWS instance. In that particular instance only exists the root user. The command should not be executed with root privileges (it executes mpirun, which is not recommended to run as sudo or the machine might break), so I was wondering if there is a way to block or disable the sudo privileges while the command is running. As mentioned, the only user existing there is root, so I suppose “sudo -u” is not an option.

Does anyone know how to do it? Thanks in advance!

@linux

    • nirogu@social.vivaldi.netOP
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      @Oisteink in another comment (https://social.vivaldi.net/users/nirogu/statuses/111342629815373353) I explained why I’d prefer not to create another user, as it would require a lot of work to configure everything again for that command to work (it’s a big process). I was thinking of hiding my sudo permissions from the program or something like that, if possible, because many things in the instance are only configured to be used with the root user, even if they don’t require sudo. Anyway, I’m seeing that it might not be possible so creating a new user could be the only option 🙁

      • Oisteink@feddit.nl
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Read your other post and it seems to me that a rebuild of the system to accommodate non-root users would be my preferred solution. Trying to “work around“ issues like this are prone to break as the system is updated/changed. And you’re back to trying to figure out what’s changed and makes your script break.

        • nirogu@social.vivaldi.netOP
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          @Oisteink yep, that seems the right thing to do. Honestly, most of the real problem was lazyness to reconfigure everything, and that’s why I published the question. But now I’m convinced that that’s the only way lol
          Thanks for the help!

          • Oisteink@feddit.nl
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Laziness sparks innovation, and there could possibly be some other way to drop privileges. There’s loads of stuff I learn about Linux still - and my first install was summer 94

            Keep at it!

          • nickwitha_k (he/him)@lemmy.sdf.org
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            You’re not wrong for trying to find another solution. Unfortunately, I think, in this case, your up against fundamental Linux permissions. One possibility would be running the work in a container with reduced capabilities but, it really is going to depend on what behaviors you’re trying to avoid.

            Overall, it’s likely a better idea to re-install because noone should be running stuff directly as root in the majority of production scenarios.

      • Oisteink@feddit.nl
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Linux privilege only understands user id’s and group id’s. These are mapped through /etc/passwd and /etc/groups. You will see in passwd that the root user has UID 0. Any account you create with UID 0 will have root privileges. So running the command specifying any user with UID!=0 will run without those privileges.

        It’s also possible to set user on execution with setuid - but that won’t work on scripts only binary executables.

        https://en.wikipedia.org/wiki/Setuid

        https://en.wikipedia.org/wiki/User_identifier

        https://en.wikipedia.org/wiki/Group_identifier