Using su and sudo

The su command (as used by IBM® UrbanCode Deploy) enables a user to start a shell as another user (process steps can be considered individual shells).

When you configure a process step (see Processes), you can tell IBM UrbanCode Deploy to use impersonation for the step. By default, su is used but you can use sudo instead. To configure impersonation, you supply the user name that is required by the target host. When the impersonation-configured process step runs, the su or sudo command runs the step as the impersonated user. Each step that needs user impersonation must be configured independently.

Before sudo can be used, impersonation privileges must be defined in the /etc/sudoers file. When you configure sudoers, ensure that the impersonating user does not need to supply a password. Typically, you would configure the /etc/sudoers file like the following example:

Defaults:X !requiretty 
X ALL=(Y) NOPASSWD: ALL 

where X and Y are user names. Configured this way, user X can run any command as user Y without supplying a password.

su and sudo maintain a record in the system logs of all of their activity. su can be used without configuring the sudoers file. For information about su/sudo, see the UNIX or Linux documentation.

Note: For UNIX or Linux agents, the password option is ignored.
To customize the su and sudo commands, you can set the following properties on the agent, in the installed.properties file:
Table 1. Agent properties for the su and sudo commands
Property Default value Description
com.urbancode.shell.impersonation.unix.sudoFormat %s -n -u %u %c Syntax of the sudo command
com.urbancode.shell.impersonation.unix.sudoGroupFormat %s -n -u %u -g %g %c Syntax of the sudo command when a group is specified
com.urbancode.shell.impersonation.unix.suFormat %s - %u -c %c Syntax of the su command
Tip: To set these properties on new agents, create a generic process that updates the installed.properties file and run the process on new agents.
You can use the following variables in these properties:
Table 2. Variables for the su and sudo commands
Variable Value
%s The location of the su or sudo executable
%u The user
%g The group
%c The command to run

Feedback