How to run commands as root on AWS instances? - amazon-web-services

I have a AWS instances but I can't login as root, just can login with my account. What are the command I can use to edit root's files?

as said above it is best to use sudo or
$ sudo su root
but, if you really like to login as root, open
$ /etc/ssh/sshd_config
and set PermitRootLogin to true
then you can login to the instance as root.
(also restart ssh daemon, # systemctl reload sshd)

If you need to run a command as root, you must prefix the command with sudo. Like,
sudo <command>

The best way is to use sudo with the user you got, like ec2-user, ubuntu, centos etc.
sudo command_you_would_like_to_run

Related

Where do I put `.aws/credentials` for Docker awslogs log-driver (and avoid NoCredentialProviders)?

The Docker awslogs documentation states:
the default AWS shared credentials file (~/.aws/credentials of the root user)
Yet if I copy my AWS credentials file there:
sudo bash -c 'mkdir -p $HOME/.aws; cp .aws/credentials $HOME/.aws/credentials'
... and then try to use the driver:
docker run --log-driver=awslogs --log-opt awslogs-group=neiltest-deleteme --rm hello-world
The result is still the dreaded error:
docker: Error response from daemon: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors.
Where does this file really need to go? Is it because the Docker daemon isn't running as root but rather some other user and, if so, how do I determine that user?
NOTE: I can work around this on systems using systemd by setting environment variables. But this doesn't work on Google CloudShell where the Docker daemon has been started by some other method.
Ah ha! I figured it out and tested this on Debian Linux (on my Chromebook w/ Linux VM and Google CloudShell):
The .aws folder must be in the root folder of the root user not in the $HOME folder!
Based on that I was able to successfully run the following:
pushd $HOME; sudo bash -c 'mkdir -p /.aws; cp .aws/* /.aws/'; popd
docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=neiltest-deleteme --rm hello-world
I initially figured this all out by looking at the Docker daemon's process information:
DOCKERD_PID=$(ps -A | grep dockerd | grep -Eo '[0-9]+' | head -n 1)
sudo cat /proc/$DOCKERD_PID/environ
The confusing bit is that Docker's documentation here is wrong:
the default AWS shared credentials file (~/.aws/credentials of the root user)
The true location is /.aws/credentials. I believe this is because the daemon starts before $HOME is actually defined since it's not running as a user process. So starting a shell as root will tell you a different story for tilde or $HOME:
sudo sh -c 'cd ~/; echo $PWD'
That outputs /root but using /root/.aws/credentials does not work!

GCE startup script: can't find $HOME after exporting in startup script

I am trying to run a GCE startup script that downloads all dependencies, clones a repository and runs a python program. Here is the code
#! /usr/bin/bash
apt-get update
apt-get -y install python3.7
apt-get -y install git
export HOME=/home/codingassignment
echo $HOME
cd $HOME
rm -rf sshlogin-counter/
git clone https://rutu2605:************#github.com/rutu2605/sshlogin-counter.git
nohup python3 -u ./sshlogin-counter/alphaclient.py > output.log 2>&1 &
When I run echo$HOME, it displays the path in the log file. However when I cd into it, it says directory not found
May 08 23:15:18 alphaclient google_metadata_script_runner[488]: startup-script: /home/codingassignment
May 08 23:15:18 alphaclient google_metadata_script_runner[488]: startup-script: /tmp/metadata-scripts701519516/startup-script: line 7: cd: /home/codingassignment: No such file or directory
That's because at the time when the script is executed, the /home/codingassignment directory doesn't exist yet. To quote the answer you referred to in the comment:
The startup script is executed as root when the user have been not created yet and no user is logged in
The user home directory for the codingassignment user is created later, when you try to login through SSH for example, if you're using the SSH button in Cloud Console or use the gcloud compute ssh command.
My suggestion:
a) Download the code to some "neutral" directory, like /assignment and set proper permissions for this folder so that the codingassignment user can access it later.
b) Try first creating the user with adduser - this might solve your problem. First create the user, then use su codingassignment to drop root permissions, if you don't need them when executing the script.

How to install AWS CLI for root user on Centos 7 - /usr/local/bin not in PATH for root user

When I install the AWS CLI for the root user on CENTOS 7, it installs it to /usr/local/bin as with other users. Problem is though, /usr/local/bin isn't in $PATH for the root user. At first I thought this was a bug in CENTOS, one that has been around for a very long time, but it's also possible its for reasons of security, I don't know.
What would be best practice then to install the AWS CLI for the root user?
To complement Chris'es answer, you can install the AWS CLI v2 in a folder visible to root, such as /usr/local/sbin as follows:
sudo yum install unzip
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/sbin
then confirm with:
aws --version
which should produce:
aws-cli/2.0.44 Python/3.7.3 Linux/3.10.0-1127.el7.x86_64 exe/x86_64.centos.7
This appears to a bug logged in CentOS since 2012 in CentOS 6 but as of yet has not been fixed.
Regarding running AWS CLI as root, you can still run it by running /usr/local/bin/aws although I get that this is not ideal. Additionally you should try to avoid running AWS CLI as root if possible, instead run it as a named user.
According to the documentation you can use either --bin-dir or -b to specify a different bin directory so you could check a path that both root and named users have in their $PATH variable.
What worked for me was
sudo ./aws/install --bin-dir /usr/bin

Password for ec2-user on AWS Cloud9

I am trying to run $ sudo su in the terminal of AWS Cloud9. I get prompted for the password for the ec2-user. Any ideas what this might be?
Might be worth noting that prior to coming up against this issue, when trying to yum install a package, I got 'packages excluded due to repository priority protections' so I ran yum erase yum-plugin-priorities as per https://serverfault.com/questions/312472/what-does-that-mean-packages-excluded-due-to-repository-priority-protections (I'm fairly sure I had to do that with sudo but wasn't prompted for the password).
First you need to set your password using command
$ sudo passwd ec2-user
Then you can use the new password where ever its required
I ran into the same problem which trying to install homebrew on my ec2#Cloud9 Env.
When requested for password, I didn't place any let the program wait for a while after which I could see the package homebrew got installed.
In the cloud9 (terminal) you have to change the users password with:
$ sudo passwd ec2-user
Changing password for user ec2-user.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Use "sudo passwd root" or "sudo passwd"

-bash: createdb: command not found

I'm using a Mac and I already have installed PostgreSQL in my computer using the dmg provided by PostgreSQL (and not by Postgres.app).
I have installed it because I will go to use it with Django, and for to get the correct functionality with the framework, I had to do the next commands:
export PATH=/Library/PostgreSQL/9.5/bin/:"$PATH”
sudo ln -s /Library/PostgreSQL/9.5/lib/libssl.1.0.0.dylib /usr/lib
sudo ln -s /Library/PostgreSQL/9.5/lib/libcrypto.1.0.0.dylib /usr/lib
$ sudo mv /usr/lib/libpq.5.dylib /usr/lib/libpq.5.dylib.old
$ sudo ln -s /Library/PostgreSQL/9.5/lib/libpq.5.dylib /usr/lib
Then I executed the command:
./manage.py migrate
Getting at the terminal a message like this:
And knowing that I needed to create a user "erikb" in PostgreSQL.
I can enter in terminal the command:
sudo su - postgres
To enter to PostgreSQL, but when I wanted to create a DB o a new user, it sent me the next error: -bash: createuser: command not found
Does anyone know which could be the problem?
Regards.
You set the PATH variable in your user account, and then you su'd to a different user. That user does not inherit your environment, including your path.
You need to set the environment for that user, or else use the full path to the createdb command.
export PATH=/Library/PostgreSQL/9.5/bin/:$PATH
createdb erikb