Centos 7 sudo -u <user> mkdir -p <path> stopped working - centos

I have an odd issue where as of recently I am unable to run mkdir -p for a different user running as root and get the following error:
[root#ip-192-168-1-146 ~]# sudo -u myuser mkdir -p /some/target/path
sudo: mkdir -p: command not found
When I test as the 'myuser' user the mkdir -p command works fine. I have additionally tried the following without success:
su - myuser -c "mkdir -p /some/target/path"
sudo -u myuser -i mkdir -p /some/target/path
sudo -u myuser -i -c "mkdir -p /some/target/path" <---dont think syntax is right on this but tried anyways.
Context: I am executing a script to setup my AWS EC2 instance that populates all defined directories. This has been working fine until recently. Not including my script here as the above command doesn't work by itself.
Env output for 'mysuser':
$ env
XDG_SESSION_ID=1
HOSTNAME=ip-192-168-1-146.ec2.internal
SHELL=/bin/bash
TERM=xterm-256color
HISTSIZE=1000
USER=myuser
LS_COLORS=rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
MAIL=/var/spool/mail/myuser
PATH=/sbin:/bin:/opt/home/myuser/.local/bin:/opt/home/myuser/bin
PWD=/opt/home/myuser
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
SHLVL=1
HOME=/opt/home/myuser
LOGNAME=myuser
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/env
Env output for 'root':
$ env
XDG_SESSION_ID=1
HOSTNAME=ip-192-168-1-146.ec2.internal
SHELL=/bin/bash
TERM=xterm-256color
HISTSIZE=1000
USER=root
LS_COLORS=rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/env
mkdir is on the system:
[root#ip-192-168-1-146 ~]# ls /bin/mkdir
/bin/mkdir
[root#ip-192-168-1-146 ~]# which mkdir
/bin/mkdir
[myuser#ip-192-168-1-146 ~]$ which mkdir
/bin/mkdir
I am at a loss, if anyone has any suggestions I'ld be greatful. Again this has been working for few months now.
Thanks!

so...no idea how it happened but somehow I pasted a special character M-BM- in place of a proper space char.
The M-BM- characters are an ASCII representation of byte sequence 0xc2 0xa0, which is the UTF8 encoding of unicode character A0 - a non-breaking space character. This character can be inserted in both LibreOffice and Microsoft Word documents using the key sequence Ctrl+Shift+SPACE.
¯\(ツ)/¯

Related

Command not found when running as other user with sudo

I am trying to run psql with user postgres. When I run sudo su - postgres AND THEN psql from within the new session, it is working smoothly. In fact, the ~/.bashrc in that session with use postgres has the correct PATH.
However, if I run sudo -u postgres psql, I get sudo: psql: command not found. Even though the session where I am running this command (I use the FISH shell) has the correct PATH as well, and I can invoke psql without the full path with my user.
I need to invoke the command as sudo -u postgres psql, how can this behavior be explained?
Edit: if (from FISH) I switch to BASH and run sudo -u postgres psql, it works! I guess it has to do with the FISH path then...
Edit 2: The issue seems to be that the PATH is reset when using sudo.
➜ ~ psql
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: role "opc" does not exist
➜ ~ sudo -u postgres psql
sudo: psql: command not found
➜ ~ echo $PATH
/home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin /usr/pgsql-15/bin /usr/local/bin /usr/bin /usr/local/sbin /usr/sbin
➜ ~ sudo echo $PATH
/home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin /usr/pgsql-15/bin /usr/local/bin /usr/bin /usr/local/sbin /usr/sbin
➜ ~ sudo -u postgres /usr/pgsql-15/bin/psql
could not change directory to "/home/opc": Permission denied
psql (15.1)
Type "help" for help.
postgres=#
But if I echo $PATH with sudo, it seems fine...
This is caused by a sudo configuration that has the "secure_path" setting. This causes sudo to reset $PATH to a hardcoded "known safe" value. This might be enabled by your distribution.
When you run sudo bash, that bash will read its settings, including .bashrc, and if you set $PATH in that it will then, of course, have that $PATH again.
But if you run a command without going through a shell that resets $PATH, you'll get the hardcoded setting.
It's possible to change that setting by running sudo visudo and changing the line that says
Defaults secure_path="some:path:here"
to
Defaults !secure_path
An alternative is to just run the command via the fully qualified path, like
sudo -u postgres (command -s psql)
One more comment about your tests:
sudo echo $PATH
This doesn't do what you want. The $PATH will be expanded by the shell that runs sudo, and so sudo won't ever see anything but the value of it. It is exactly equivalent to running sudo echo /home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin ....
You might want to use something like
sudo env
or
sudo sh -c 'echo $PATH'
instead.

shell script having embedded password inside it is not working as expected

I have developed a shell script whose job is to take the dump of postgres DB. Below is the snippet:
#!/bin/sh
today=$(date +"%Y-%m-%d")
yes "password" | sudo -S sudo su - postgres <<EOF
/usr/pgsql-11/bin/pg_dump -U postgres -d db_name > /home/db_backup/db_name_$today.sql
EOF
exit
However, this script is NOT running because of the below reason:
[sudo] password for user: Sorry, Try again
However, when I use sudo su - postgres and then provide password, it is working as expected. And interestingly, if now I run the above shell script after the login, it runs absolutely fine.
What I am missing here.
It is dangerous to store passwords in scripts, so please do not do it.
Modify your /etc/sudoers file by running sudo visudo and adding a line like this at the bottom:
%sudo ALL=(postgres) NOPASSWD: /usr/bin/psql
This allows anyone with sudo permission to run /usr/bin/psql to postgres on any host (ALL) with no password.
Now your script should work this way:
#!/bin/sh
today=$(date +"%Y-%m-%d")
sudo -b -n -H -u postgres /usr/pgsql-11/bin/pg_dump -U postgres -d db_name > /home/db_backup/db_name_$today.sql
Make sure postgres can write to the directory /home/db_backup/.

su: user sh does not exist

I'm trying to execute this code:
sudo su sh <(curl https://mirror.cyberpanel.net/install-test.sh || wget -O - https://mirror.cyberpanel.net/install-test.sh)
but get this output:
...
su: user sh does not exist
....
curl: (23) Failed writing body (0 != 8192)
.....
Cannot write to ‘-’ (Success).
Can anyone help resolve?
In the command su sh sh is a user name. If you want su to interpret it as a command to run add option -c:
sudo su -c "sh…"
See https://linux.die.net/man/1/su and https://www.sudo.ws/man.html
Save the file to disk first
url=https://mirror.cyberpanel.net/install-test.sh
curl -O "$url" || wget -O - "$url"
# Examine the contents of install-test.sh first, *then* run ...
sudo sh install-test.sh
"Examine" could me reading it yourself to verify that it doesn't do anything you don't want it to do, or comparing its MD5 checksum to an expected value.

cstore_fdw extension: FATAL: could not access file "‘cstore_fdw’": No such file or directory

I've installed the cstore_fdw extension in PostgreSQL 9.3.5 on OS X, and it looks as though there was no error in the process (/usr/local/pgsql/bin/ is incorrect path, but files were copied where they should be, as pg_config is symlinked in the $PATH):
XXX:cstore_fdw kjedrzejewski$ sudo PATH=/usr/local/pgsql/bin/:$PATH make install
/bin/sh /usr/local/Cellar/postgresql/9.3.5_1/lib/pgxs/src/makefiles/../../config/install-sh -c -d '/usr/local/Cellar/postgresql/9.3.5_1/lib'
/bin/sh /usr/local/Cellar/postgresql/9.3.5_1/lib/pgxs/src/makefiles/../../config/install-sh -c -d '/usr/local/Cellar/postgresql/9.3.5_1/share/postgresql/extension'
/bin/sh /usr/local/Cellar/postgresql/9.3.5_1/lib/pgxs/src/makefiles/../../config/install-sh -c -d '/usr/local/Cellar/postgresql/9.3.5_1/share/postgresql/extension'
/usr/bin/install -c -m 755 cstore_fdw.so '/usr/local/Cellar/postgresql/9.3.5_1/lib/cstore_fdw.so'
/usr/bin/install -c -m 644 ./cstore_fdw.control '/usr/local/Cellar/postgresql/9.3.5_1/share/postgresql/extension/'
/usr/bin/install -c -m 644 ./cstore_fdw--1.3.sql ./cstore_fdw--1.2--1.3.sql ./cstore_fdw--1.1--1.2.sql ./cstore_fdw--1.0--1.1.sql '/usr/local/Cellar/postgresql/9.3.5_1/share/postgresql/extension/'
XXX:cstore_fdw kjedrzejewski$
However, when I try to start Postgres, the extension cannot be loaded:
XXX:cstore_fdw kjedrzejewski$ pg_ctl -D /usr/local/var/postgres start
server starting
XXX:cstore_fdw kjedrzejewski$ FATAL: could not access file "‘cstore_fdw’": No such file or directory
Has anyone got any idea what may be wrong?
It looks like the quotes around your config value are smart quotes? They need to be normal quotes:
shared_preload_libraries='cstore_fdw'

Postgres cannot see my PGDATA environment variable

Can anyone explain this:
~$ echo $PGDATA
/Library/PostgreSQL/9.2/data
~$ cd /Library/PostgreSQL/9.2/
/Library/PostgreSQL/9.2$ sudo su postgres
bash-3.2$ echo $PGDATA
<blank line>
bash-3.2$ pg_ctl start
pg_ctl: no database directory specified and environment variable PGDATA unset
Try "pg_ctl --help" for more information.
bash-3.2$ export PGDATA="/Library/PostgreSQL/9.2/data"
bash-3.2$ pg_ctl start
server starting
bash-3.2$
The following is in my ~/.bashrc file:
export PGDATA="/Library/PostgreSQL/9.2/data"
I'm not mis-spelling the path in PGDATA:
~$ echo $PGDATA
/Library/PostgreSQL/9.2/data
export PGDATA="/Library/PostgreSQL/9.2/data"
sudo can't be assumed to keep the environment variables of its caller.
See its manpage for the details with your specific OS.
As far as I know, environment variables are attached to a shell, and as far as I can tell I'm in the same shell.
This works for me:
~$ cd /Library/PostgreSQL/9.2/
/Library/PostgreSQL/9.2$ sudo -E su postgres
...
-E The -E (preserve environment) option will override the
env_reset option in sudoers(5)). It is only available when
either the matching command has the SETENV tag or the
setenv option is set in sudoers(5).
I only understand the following:
The -E (preserve environment) option
Next comment:
When I su to postgres I do su - postgres. Notice the hyphen.
Here is what my man pages say about the hyphen:
-l Simulate a full login. The environment is discarded except for
HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified
as above. USER is set to the target login. PATH is set to
``/bin:/usr/bin''. TERM is imported from your current environ-
ment. The invoked shell is the target login's, and su will
change directory to the target login's home directory.
- (no letter) The same as -l.
I don't see how that will preserve the PGDATA environment variable, and this is what happened when I tried the hyphen:
/Library/PostgreSQL/9.2$ sudo su - postgres
Password:
7studs-computer:~ postgres$ ls
bin pgAdmin3.app
data pg_env.sh
doc scripts
include share
installer stackbuilder.app
lib uninstall-postgresql.app
7studs-computer:~ postgres$ pg_ctl start
-bash: pg_ctl: command not found
7studs-computer:~ postgres$ ls
bin pgAdmin3.app
data pg_env.sh
doc scripts
include share
installer stackbuilder.app
lib uninstall-postgresql.app
7studs-computer:~ postgres$ cd bin
7studs-computer:bin postgres$ ls
clusterdb pg_config pgbench
createdb pg_controldata pltcl_delmod
createlang pg_ctl pltcl_listmod
createuser pg_dump pltcl_loadmod
dropdb pg_dumpall postgres
droplang pg_receivexlog postmaster
dropuser pg_resetxlog psql
ecpg pg_restore reindexdb
initdb pg_standby vacuumdb
oid2name pg_test_fsync vacuumlo
pg_archivecleanup pg_test_timing
pg_basebackup pg_upgrade
7studs-computer:bin postgres$ ./pg_ctl start
pg_ctl: no database directory specified and environment variable PGDATA unset
Try "pg_ctl --help" for more information.
7studs-computer:bin postgres$
So the hyphen doesn't work for me (OSX 10.6.8).