计算引擎启动脚本无法以非root用户身份执行 [英] compute engine startup script can't execute as a non-root user

问题描述

将问题归结为最简单的情况，我使用具有以下启动脚本的Compute Engine:

Boiling my issue down to the simplest case, I'm using Compute Engine with the following startup-script:

#! /bin/bash
sudo useradd -m drupal
su drupal
cd /home/drupal
touch test.txt

此命令后，我可以确认drupal用户存在，测试文件也是如此.但是，我希望测试文件的所有者是"drupal"(因此为su).但是，当我将其用作启动脚本时，我仍然可以确认ROOT是文件的所有者:

I can confirm the drupal user exists after this command, so does the test file. However I expect the owner of the test file to be 'drupal' (hence the su). However, when I use this as a startup script I can still confirm ROOT is the owner of the file:

是我的

su drupal

不起作用. sudo su drupal也没有任何区别.我正在使用Google Container OS，但在Debian 8映像上也会发生同样的情况.

did not work. sudo su drupal also does not make any difference. I'm using Google Container OS, but same happens on a Debian 8 image.

推荐答案

sudo su不是在shell中运行的命令-它会启动一个新的shell.

sudo su is not a command run within a shell -- it starts a new shell.

该新外壳不再运行您的脚本，而正在运行该脚本的旧外壳在新脚本继续运行之前等待退出.

That new shell is no longer running your script, and the old shell that is running the script waits for the new one to exit before it continues.

sudo su命令将启动一个新的shell.旧的shell等待旧的shell退出并继续执行其余代码. 您的脚本在旧" shell中运行，这意味着这些命令:

The sudo su command will start a new shell. The old shell waits for the old one to exit and continues executing the rest of the code. Your script is running in the 'old' shell, which means these commands:

cd /home/drupal
touch test.txt

仍以root用户身份执行，因此这些文件的所有者也是root用户.

are still executed as root and thus the owner of these files is root as well.

您可以将脚本修改为此:

You can modify your script to this:

#! /bin/bash
sudo useradd -m drupal
sudo -u drupal bash -c 'cd ~/; touch text2.txt'

，它应该可以工作. -u标志按照用户指定的命令执行命令，在这种情况下为'drupal'

and it should work. The -u flag executes the command as the user specified, in this case 'drupal'

这篇关于计算引擎启动脚本无法以非root用户身份执行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！