Ask Your Question

how execute commands as one user in puppet but then exit out of that user back to root"

asked 2015-05-14 18:10:03 -0600

tonyroma gravatar image

user { "user1": ensure => present, group => 0, } ->

exec { 'switchUser': command => "su user1", path => "/usr/bin/", } ->

do stuff with user

exit out of user to switch back to root

do stuff with root...

(how would i actually do the exit out of user command)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2015-05-18 04:15:42 -0600

Martijn Heemels gravatar image

It seems to me you're trying to use Puppet as a scripting language, which it is not. The resources are not executed like lines in a batch file, instead use them to define the state you want things to be in. The Exec type doesn't really fit in that way of thinking and should usually be avoided for that reason. Think of each resource being processed as a separate entity, independent of the others, only linked by the actual state of the system and by the relationships you define between them (require, notify, etc.).

The Exec type has the 'user' attribute built-in, so just use that. The default user is 'root' so if you set this attribute to another user, the command is automatically executed as that user. This has no effect on other resources, so they will still be executed as 'root'.

user { 'user1':
    ensure => 'present',
    group => '0',

exec { "doStuff":
    user => 'user1',
    path => '/usr/bin/',
    require => User['user1'],

If you need to perform multiple Execs as the same user, just be sure to specify the 'user' attribute for each Exec.

Note: the Require of user1 in Exec is not technically necessary since Puppet will auto-require the user if it's managed via Puppet and specified by name. I prefer to be explicit though. The way you did it with arrows will also work.

Tip: Only use the Exec resource type if you can't find a more suitable resource type in Puppet. It will often seem like the easiest solution, but Exec can get confusing and complex pretty quickly since you effectively have to recreate all the logic that's built into Puppet's more advanced resource types. There's often a better way (though not always).

edit flag offensive delete link more


Thank you!.. I saw this a bit late so my work around was by doing command => "su User -c 'mkdir /home/UserDir/UserFile'",

tonyroma gravatar imagetonyroma ( 2015-05-18 09:19:11 -0600 )edit

answered 2015-05-17 13:26:53 -0600

JohnsonEarls gravatar image

updated 2015-05-17 13:27:44 -0600

The only way I can think of to do this is to have your class generate a puppet .pp file then use a single exec to run puppet apply of that .pp file as the user in question:

file { "/tmp/dostuff.pp":
    ensure => file,
    source => "...",
    user => "..."

exec { "puppet apply /tmp/dostuff.pp":
    path => [ ... ],
    user => "...",
    require => File["/tmp/dostuff.pp"]
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-05-14 18:10:03 -0600

Seen: 1,905 times

Last updated: May 18 '15