run sub-script as normal user within a script run by root

Hello.

I run the following script as user root from a terminal in a kde environment. I start it using :

sudo /path/to/script/main.sh

#!/bin/bash
#
########################
#
#    {config_script}
#
#    /xxx/yyyyyyy/main.sh
#
#    §2019_08_11§
#
#    ¨version:34¨
#
#    ɸminor_version:0-0-0ɸ
#
########################

# # ensure running as root
if [ "$(id -u)" != "0" ]; then
    echo
    echo
    echo "This script must be run as root user"
    echo
    echo
    exit 255
fi

#
# TASK 1
#
/xxx/yyyyyyy/task_1.sh

#
# TASK 2
#
/xxx/yyyyyyy/task_2.sh

#
# TASK 3
#
/xxx/yyyyyyy/task_3.sh

.....................
.....................
.....................
.....................

#
# TASK n
#
/xxx/yyyyyyy/task_n.sh


Some sub-script ‘zzzzz’ within script ‘xxxxxx’ (run as root user) must be run as normal user ‘userA’.
Or some command must be run as normal user ‘userA’.

As a real example, I need to create a firefox profile for ‘userA’.
To do so, within the caller script ‘xxxxxxxx’ I call a script named: create_firefox_profile_user.sh

runuser -l userA  -c '/path/to/script/create_firefox_profile_user.sh  "userA" '

#!/bin/bash
#
#
########################
#
#    {config_jcd}
#
#    /xxx/yyyyyyy/create_firefox_profile_user.sh 
#
#    §2019_08_11§
#
#    ¨version:34¨
#
#    ɸminor_version:0-0-0ɸ
#
########################

CUR_USER="$1"
echo "Creating firefox profile for user $CUR_USER"
firefox -P

I got an error :

Error: no DISPLAY environment variable specified

Changing the command to :

DISPLAY=":0"  firefox -P

suppresses the error.

Is there a more academic way to run a script as another user without the error concerning the display variable?
Are there other environment variables that are not set from the point of view of the user currently changed?

Any help and/or comments are welcome.

You are having this problem, mainly because “sudo” does not pass on the DISPLAY and XAUTHORITY environment variables. If you use “su -” to get a root shell, then those variables are passed. Or you can modify “/etc/sudoers” and tell it to pass DISPLAY and XAUTHORITY.

Maybe you could work around this by changing it to this


firefox -P --headless

and use ‘su -’ like nrickert suggests, then


sudo -u YOUR_USER /path/to/script.sh

Hi
Not sure what tasks you’re performing, but a lot can be preconfigured in /usr/lib64/firefox/defaults/pref/ for example all my about:config options are done via a customized all-openSUSE.js file.

I’m not clear on what you’re trying to do but my personal SOP is to…

Start your script as your normal User, particularly if it’s in the security context of your logged in User (if another user you can sudo to the other User for executing the script in that User’s security context).
Store the script’s results in variables.
Then sudo or su to root and execute your “master script” and as necessary retrieve values from the variables.

It generally makes more sense to increase your security context as your flow proceeds, rather than escalating and de-escalating security contexts…

HTH,
TSU

Thank you for your answer, which is interesting.
But it does not answer my question.

My question is more general.
My question is not limited to firefox.
Anyway, thank you for helping.

That just opens a terminal in the current ‘firefox profile’ (should be a new profile created before).

I don’t think that can help me to create a new profile for a new user within my running script.

Anyway, thank you for helping

> If you use “su -” to get a root shell, then those variables are passed

**exec su - -c** "${0} ${CMDLN_ARGS}"  --> Create a new profile for **user ROOT**
**exec su root -c** "${0} ${CMDLN_ARGS}"  --> Create a new profile for **user 'user_install'**

USER : user_install

ID : 0

CUR_USER = root

running : 25-2_create_profile_firefox
Running Firefox as root in a regular user’s session is not supported. ($XDG_RUNTIME_DIR is /run/user/1000 which is owned by user_install.)

Same message with :

**exec su -c** "${0} ${CMDLN_ARGS}"

It seems that there is no other solution than mine posted in my question?

Any help/comment is welcome

Hi
Why not switch to the user to create whatever you’re doing with your scripts, or why not use profile.d to run them when the user logs in?

I think you’ll need to re-phrase your question if you’re looking for a specific answer to a specific situation.

My answer suggested two ways to execute your script as a normal User…

  • Start running your script as the logged in User
  • Sudo to the User in your script.

TSU

Because this script is used to configure, with one click, any new computer with a minimal common config for everybody.
This script is run from a USB stick and started with sudo because I am updating some files in /etc, /var, /usr and in ‘/home/INST’ (myself) and in ‘/home/some_new_user’ for the future new user.
During the execution some tasks must be run for myself, and for the future user of this new computer.
So the script is run as root and from time to time some tasks are run under these two user accounts.
These tasks are run only once.

Any comment is welcome

I found this on stackoverflow.com

SUB_CMD=$( printf '%q ' "$SRC_DIR/25-2_create_profile_firefox" 'user_install' )
CMD="runuser -l user_install -c \"$SUB_CMD\""


That helps me to pass correctly the parameters when using runuser.

Any comments are welcome
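
The `printf '%q'` quoting from the last post, combined with the DISPLAY workaround from the question, as an added example that is not part of the thread. The function names are hypothetical; it assumes the target user's login shell is bash (`%q` can emit bash-only quoting), that DISPLAY falls back to `:0`, and that the runtime directory is `/run/user/<uid>` as in the error message above.

```bash
#!/bin/bash
# Added example, not code from the thread. Function names are hypothetical.

# quote_cmd CMD [ARG...]: join an argument vector into one string that
# `bash -c` parses back into exactly the same arguments (printf %q, as in
# the last post, applied to every word).
quote_cmd() {
    local out
    printf -v out '%q ' "$@"
    printf '%s' "${out% }"
}

# session_cmd UID CMD [ARG...]: the string to hand to `runuser -l USER -c`.
# A login shell starts with a fresh environment, so the variables are set
# explicitly through env(1). Assumptions: DISPLAY falls back to :0 (the value
# used in the question) and the runtime dir is /run/user/<uid> (the layout
# shown in the Firefox error message).
session_cmd() {
    local uid=$1; shift
    quote_cmd env "DISPLAY=${DISPLAY:-:0}" "XDG_RUNTIME_DIR=/run/user/$uid" "$@"
}

# run_as USER CMD [ARG...]: called from the root script for each per-user task.
run_as() {
    local user=$1 uid; shift
    uid=$(id -u "$user") || return 1      # fail early on an unknown user
    runuser -l "$user" -c "$(session_cmd "$uid" "$@")"
}

# Example call from main.sh (script path as in the question):
#   run_as userA /path/to/script/create_firefox_profile_user.sh "userA"
```

Because every word is quoted before it reaches the user's shell, an argument containing spaces, quotes or `$(...)` arrives as data and is not re-interpreted by the shell that `runuser -c` starts.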