inspec run a single control as sudo
I am using inspec to verify some AMIs that I am building, and in the main I want the controls in the profile to run as a normal user so I can test as a standard user would see things.
However, there are a couple of controls that I want to run as root (sudo) to check things like services.
I know I can pass `--sudo` to the exec command, but that runs the whole profile as sudo. Is it possible to elevate a single control? (You would use `become` in Ansible.) Or do I need to write two profiles and execute them independently?
Solution 1:[1]
Hmm, if it's just a single control, couldn't you just use `su -l USERNAME -c COMMAND` and capture the output? Might not be ideal to use the command resource, but this would give you access to the user's environment, i.e.:

```
root@machine:~# su -l ubuntu -c env
```
Solution 2:[2]
You can use the method below to run sudo commands remotely via Chef InSpec:

```ruby
# Backticks run the command on the machine executing the profile; -tt forces a TTY for sudo.
history_file = `ssh -o StrictHostKeyChecking=no -tt #{input('host')} sudo find / -name '.mysql_history'`.strip
file_check = `ssh -o StrictHostKeyChecking=no -tt #{input('host')} sudo ls -l #{history_file}`.strip
```
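An added example, not part of either answer above: one way to keep a single profile and still elevate only some controls is to run `inspec exec` twice, selecting controls with `--controls` and passing `--sudo` only on the second pass. The `user-`/`root-` control ID prefixes and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Assumed convention: unprivileged control IDs start with
# "user-", privileged ones with "root-".
INSPEC="${INSPEC:-inspec}"     # overridable, e.g. to a wrapper or test stub
USER_PATTERN='/^user-/'
ROOT_PATTERN='/^root-/'

# inspec exec exit codes: 0 = all passed, 101 = skips but no failures,
# 100 = at least one failed control, anything else = the run itself broke.
rank_rc() {
  case "$1" in
    0)   echo 0 ;;
    101) echo 1 ;;
    100) echo 2 ;;
    *)   echo 3 ;;
  esac
}

# Print whichever of two exit codes is worse.
worst_rc() {
  if [ "$(rank_rc "$1")" -ge "$(rank_rc "$2")" ]; then
    echo "$1"
  else
    echo "$2"
  fi
}

# usage: run_split PROFILE TARGET   (TARGET such as ssh://user@host)
run_split() {
  profile=$1
  target=$2
  rc_user=0
  rc_root=0
  # Pass 1: no elevation, only the user-* controls.
  "$INSPEC" exec "$profile" -t "$target" --controls "$USER_PATTERN" || rc_user=$?
  # Pass 2: --sudo, only the root-* controls.
  "$INSPEC" exec "$profile" -t "$target" --sudo --controls "$ROOT_PATTERN" || rc_root=$?
  return "$(worst_rc "$rc_user" "$rc_root")"
}

if [ "$#" -eq 2 ]; then
  run_split "$1" "$2"
fi
```

A control whose ID matches neither prefix is not run by either pass, so the naming convention has to cover every control in the profile.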
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | shaftdiesel |
Solution 2 | Jeremy Caney |