Emit upstart events as regular user

1

I want to create a situation where something unprivileged user does (via SSH) triggers an event that causes an upstart job do perform some action. The activities rely on filesystem changes, so I welcome alternative methods.

Basically I want to have something like:

description "Foo job"
exec foo
start on foo

and then have the user trigger the event like foo. When I say "user", I actually mean a git hook script that is run automatically when git pushes to a repository on the host via SSH.

I've tried simply running initctl emit foo, but that only works when I do so as root.

I also cannot use user jobs for this particular case, because I want the job in question to restart servers and create directory structures where user emitting the event has no access.

Any ideas on how I could accomplish this without giving user unnecessary privileges?

EDIT: Just to add a requirement I forgot to mention. This has to be scriptable, so entering passwords is not an option.

user128580

Posted 2013-01-22T20:23:47.360

Reputation:

Answers

2

To answer my own question, sudoers file can be modified to allow users to run specific commands complete with arguments. So for the situation in question, something like this will do the job:

Cmnd_Alias EMIT_CMD = /sbin/initctl emit foo
user ALL=(ALL) NOPASSWD: EMIT_CMD

This can be placed either in /etc/sudoers, or in a file in /etc/sudoers.d if your opreating system is configured that way.

Once sudo is configured, the unprivileged user will be able to call initctl command without password, but only with the specified arguments, and any other set of arguments will fail since the user is (hopefully) not in the sudoers list in any other capacity.

user128580

Posted 2013-01-22T20:23:47.360

Reputation:

Asked: 2013-01-22T20:23:47.360

Viewed: 791 times

Active: 2013-01-22T21:00:27.750