In my custom pattern I need to run a script file on a Linux server. The file gets uploaded in my pattern via MID-server but the file needs to be executed as user_x.
But I just found out that I can't switch user using sudo su user_x command and that I need to run it like this:
sudo -u user_x myUploadedFile.shHow is that done in the pattern? Here are my steps:
So, what do I do in step 3 to execute the file using the sudo -u command?
Thanks!
Edit: Found this thread, and it's basically the same but without a resolution. Adding the sudo -u command in the file did not solve the issue. Running a command on linux under sudo -u
Ok. So I asked around and got some feedback and tried a new approach and it seems to be doing what I want. Here's a screen shot of what the step in pattern looks like:
The output from Discovery Log gives me this:
Parse Command Output
2020-10-15 21:09:09: Executing SSH command: sudo -u <user_x> "/tmp/<foldername>/myUploadedFile.sh"
2020-10-15 21:09:11: Command result: sudo: unable to execute /tmp/<foldername>/myUploadedFile.sh: Permission denied
2020-10-15 21:09:11: Command failed with status 1
2020-10-15 21:09:11: Execution time: 2235 ms
I need to make sure correct permissions are set to file but this looks promising!
Ok. So I asked around and got some feedback and tried a new approach and it seems to be doing what I want. Here's a screen shot of what the step in pattern looks like:
The output from Discovery Log gives me this:
Parse Command Output
2020-10-15 21:09:09: Executing SSH command: sudo -u <user_x> "/tmp/<foldername>/myUploadedFile.sh"
2020-10-15 21:09:11: Command result: sudo: unable to execute /tmp/<foldername>/myUploadedFile.sh: Permission denied
2020-10-15 21:09:11: Command failed with status 1
2020-10-15 21:09:11: Execution time: 2235 ms
I need to make sure correct permissions are set to file but this looks promising!
Hi Henrik!
The way you have done it will absolutely work!
Just a few words on best practice around this:
The way you have hardcoded the username will make you have to update the pattern, and release a new version to Prod and so on, if the oracle team wants to change user at some point.
1. Best practice is to set up an Applicative credentials in the credentials table for the CI type that the pattern is connected to (or you can change CI type in the 'Parse Command Output' operation by clicking 'Advanced Details'). In your case the Applicative credential would be for 'Oracle Instance'.
https://docs.servicenow.com/bundle/paris-servicenow-platform/page/product/credentials/reference/applicative-creds.html
2. Use the 'Change User' operation to get access to the Applicative Credentials.
3. Then in the 'Parse Command Output' operation - in the command it self use the variable $$username$$. This will be populated in runtime with the username of the user that is in the applicative credentials.
If you be any reason need to send the password as well you will use the $$password$$ variable.
4. Then use the 'Unchange user' operation, and the rest of the pattern will be executed as the normal plattform user again.
In this case you just change the user in the Applicative Credential Record if it needs to change, and nothing is hardcoded in the pattern.
BR
Chat
