Is there a way to give user crontab permission to use reboot command?
I want crontab to activate a python script that uses geckodriver and then reboots the device when the script finishes. The problem currently is that geckodriver won't run as root and my non-root crontab gives the error below when the script tries to use reboot command:
Failed to set wall message, ignoring: Interactive authentication required.
Failed to reboot system via logind: Interactive authentication required.
Failed to start reboot.target:Interactive authentication required.
See system logs and 'systemctl status reboot.target' for details.
If it's not possible to give non-root cron job permission to reboot, is there some other handy way to circumvent the problem? I guess one solution could be to separate the reboot part of the script as second script and include that in root crontab to be ran after the first script.
I'm using Ubuntu 18.10
Related
I have an issue.
my project is about to view streaming video and control motors or sound by web page (on local IP). I am using Raspberry PI Web Camera Interface. My python scripts only run when click the button (The buttons are on the web page). My sound button works well when I run my script on thonny or terminal but it doesn't work on boot.
Here is my code; ses.py
#!/usr/bin/env python3
from gpiozero import Button
from signal import pause
import time,sys
import subprocess
button = Button(21) # This button is not button on the web page
def play_music():
subprocess.run(["mpg321"],"/home/pi/003.mp3"])
subprocess.run('raspi-gpio set 21 op dh',shell=True)
try:
button.when_pressed = play_music
pause()
except KeyboardInterrupt:
sys.exit()
By the way buttons which is on the web page run .sh file and this .sh file run the python scripts
I write sudo python3 /home/pi/ses.py & > /home/pi/Desktop/log.txt 2>&1 in /etc/rc.local to start on boot.
the log file is empty.
My web gui is here, i have no real button. the buttons what i write about is on this photo. a .sh file run When i click the Ses-2 button, and this .sh file run my ses.py
I write sudo python3 /home/pi/ses.py & > /home/pi/Desktop/log.txt 2>&1 in /etc/rc.local to start on boot.
I guess you did not get that memo, but rc.local has been deprecated for a few years now. I think you may still be able to use it, but it's probably more trouble than it's worth... but here's a guide to help you get started if you're determined to use it.
N.B. This answer uses the CLI/terminal, so if you're not comfortable with that, you can stop reading now.
Other than rc.local you have two other mainstream alternatives for starting your script:
create a systemd "unit"
use cron
cron is generally easier than systemd. I'm all about instant gratification, so let's use that:
a cron job is typically one single line in your crontab file. That line includes a schedule, and a command. cron runs your command at the scheduled time - pretty straightforward.
to create your cron job, you must edit your crontab file. This is done like so:
$ crontab -e
when you open your crontab for the first time the system will prompt you to select an editor. If you're unsure which one to use, choose nano (pico?)
if you need root privileges (and it seems you do) to run your Python script, you should open root's crontab; the only thing to remember w/ scripts run by cron is do not use sudo in your script.:
$ sudo crontab
let's set up the schedule :
In your crontab editor, enter the following at the bottom of the crontab... the #reboot schedule will cause your command to be executed each time your RPi is booted.
#reboot
now that you've completed the schedule, let's enter the command:
#reboot /usr/bin/python3 /home/pi/ses.py > /home/pi/Desktop/log.txt 2>&1
save your crontab & exit the editor; you are ready to test:
$ sudo reboot
Some other things:
cron has some shortcomings relative to systemd. One is that cron does not know whether or not all of the resources needed to execute your script are ready when it is started (cron is actually started by systemd, but that's a longer story).
If you see any evidence in your /home/pi/Desktop/log.txt file that a resource was unavailable when cron tried to run it, the solution is simple: sleep. Edit your cron job to sleep a while before running the command:
#reboot sleep 10; /usr/bin/python3 /home/pi/ses.py > /home/pi/Desktop/log.txt 2>&1
another "shortcoming" is that cron does not run your jobs in the same environment that you have in your login or interactive shell. This can cause some surprises, but a bit of diligence in using full path specifications will generally keep things on track.
finally, note that I have removed your & background invocation in your command. I did this because all cron jobs run in the background... however, I'm not familiar with your application so other adjustments may be required.
So - that's it - end of answer... look forward to hearing your feedback.
SOLVED
I solved the problem. I created a .desktop file with this code sudo nano /etc/xdg/autostart/ses.desktop then i wrote these lines;
[Desktop Entry]
Name=ses
Exec=/usr/bin/python3 /home/pi/ses.py
and
reboot
I have a python script that does some Database operations from an ec2 server by SSHing into another server using paramiko. The script runs fine when I run it directly from the server as ec2-user but when I run the same from Jenkins I get a permission error on /home/ec2-user/.ssh/id_rsa file.
used python3.8 /home/ec2-user/db_refresh.py command to run the script from Jenkins
After some reading and with the help of whomai command, I found that's expected since Jenkins runs the scripts as Jenkins user and no one part from the owner has permissions to read private keys in ~/.ssh/ folder.
I could change the permission so that everyone can read ec2-user's private key but I think that would be a terrible idea(As far as I've read) and I think ssh wouldn't even work if anyone apart from the owner has read permission to that private key(I remember reading it somewhere but not sure)
sshcon = paramiko.SSHClient()
sshcon.connect(MYSQL_HOST, username=SSH_USERNAME, key_filename='/home/ec2-user/.ssh/id_rsa')
That is how SSH into my database server using paramiko.
Can I run my scripts from jenkins as ec2-user or is there some other way that I can overcome this.
In the end, it turned to be quite simple(stupid me)
I just created a key pair for Jenkins user and used it for doing my operations.
One thing to note is since jenkins is service account normal su jenkins won't work. I had to do this sudo su -s /bin/bash jenkins.
While setting up deployment through jenkins for my django project, I got stuck where I had to restart apache2 service to reflect the new changes to the client side. I am not sure how to provide user password after running systemctl reload apache2.service command.
I tried below options but no luck.
1) systemctl reload apache2.service
Result:
Failed to reload apache2.service: Interactive authentication required.
See system logs and 'systemctl status apache2.service' for details.
Build step 'Execute shell' marked build as failure
2) sudo systemctl reload apache2.service
Result :
sudo: no tty present and no askpass program specified
Build step 'Execute shell' marked build as failure
3) Also not sure whether sshpass will help in this case
Attached screenshot taken from jenkins job.
As noted in a comment before, you have an problem with permissions here.
I assume that your Jenkins instance is running under user "jenkins", which cannot execute admin (root) commands. So you need to login via SSH into the machine and make sure that the user "jenkins" can execute this command with sudo.
You can find help for editing the sudoers file here: How To Edit the Sudoers File on Ubuntu and CentOS. I would recommend you to only to allow certain commands.
If you decide that the "jenkins" user needs to enter a password use the following command:
echo password | sudo -S systemctl reload apache2.service
Of cause you should store that password in a secure way and mask it within the build. The Jenkins Credentials Plugin can help you with this.
I am trying use Google Earth Engine's Python API on my 'Windows 10 Home' computer, for which Google recommend I set up a docker container (https://developers.google.com/earth-engine/python_install).
Following the instructions here (https://developers.google.com/earth-engine/python_install-datalab-local), I have downloaded Docker Toolbox and successfully run the docker run hello-world command.
However, when I try to run the following code:
set "GCP_PROJECT_ID=YOUR_PROJECT_ID"
set "CONTAINER_IMAGE_NAME=gcr.io/earthengine-project/datalab-ee:latest"
set "HOME=%HOMEDRIVE%%HOMEPATH%"
set "WORKSPACE=%HOME%\workspace\datalab-ee"
mkdir "%WORKSPACE%"
cd %WORKSPACE%
I get the following error on the 5th line: mkdir: cannot create directory '%WORKSPACE': Permission denied.
Does anyone know what's causing this? I have only ever use Anaconda Prompt and am not used to the syntax of this terminal.
Also, just to clarify, I entered the correct project ID into the terminal for line 1, but have not shared it here.
Problem solved. I was using the Docker Quickstart Terminal. Switched to Windows Command Prompt and everything running fine.
You may need to add yourself to the docker user group.
Run the following command in your shell or terminal window:
sudo usermod -a -G docker ${USER}
where user is the google user with which I log in to the console, after executing the command it is necessary to restart the terminal.
In order to use pigpio Module in Python (remote GPIO for Raspberry Pi ), pigpiod has to be loaded to memory on each RPi.
what is the right way to to it ? during Ubuntu's boot or a part of Python's script ?
since It needs sudo pigpiod- how is it done (both Ubuntu and Python )?
An alternative it to use the reboot option within cron
Run:
crontab -e
then add the entry:
#reboot /pathtoexecutable
This will run the process every time the system boots.
I haven't used pigpiod, but I'm assuming it's a daemon (a long running Linux process) that you want to start at boot. The standard way to do that in most modern Linux systems (including Raspberri Pi, I think) is to use systemd. Give the following commands a try:
systemctcl start pigpiod # start it now
systemctl enable pigpiod # start it each boot
systemctl status pigpiod # make sure it started
# https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs
journalctl -u pigpiod # Use this to see logs.
If systemctl complains about not being able to find the service, you'll have to create a service file for it. This is a text file you place in a directory that tells systemd how to deamonize the process. Here is a blog post where someone does this, and Google should find you others if it doesn't help.
Then you should be able to connect with Python.
Answered in gpiozero documentation