0

I am trying to start a shell script using SSH operator in Apache Airflow with SSH operator defined like this:

task1= SSHOperator(
    ssh_conn_id="ssh_dev_conn",
    command=t1_ssh,
    task_id="task1",
    dag=dag
)

Command is defined like this:
t1_ssh = """
sudo su - db_user
echo whoami
/home/scripts/script1.sh
"""

According to user permissions only db_user is allowed to start this script, so I am trying to login with that user and with next command I am trying to run the script but I am getting permission denied error message. Echo whoami is returning different user, not db_user, and conclusion is that SSH operator makes new connection for every command so I need to find out how to login with db_user and then run the script in the next command?

First I want to ask is, is it possible with BashOperator instead SSH operator? But I need to establish SSH connection to ssh_dev_conn...

If BashOperator is not solution, is there any way to log as db_user in Linux which has permission to run scripts, and then run script with other command?

Following one-line is not solution because of administration rules: sudo -u db_user /home/scripts/script1.sh

I need solutions for Airflow and Airflow v2. I found example on Airflow: How to SSH and run BashOperator from a different server but it doesn't include sudo command with other user, and it shows example of simple command which works fine, but not for my example.

Olaf Kock
  • 46,930
  • 8
  • 59
  • 90
punky
  • 125
  • 2
  • 12
  • Remember, shell commands run one at a time. And when `sudo su - db_user` has exited, you're no longer `db_user` but instead are back to your original user account. – Charles Duffy May 10 '22 at 16:17
  • What you probably want here is something like a heredoc. `sudo -u db-user -i <<'EOF'`, then `whoami` and `/home/scripts/script1.sh`, then your `EOF`. That way the `whoami` and the `/home/scripts/script1.sh` are stdin to the shell running as `db-user` started by `sudo`. (There's no good reason to use `su` here at all). – Charles Duffy May 10 '22 at 16:18
  • Tried this solution from your second comment, but I am receiving following message: WARNING - We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. – punky May 11 '22 at 19:50
  • But it works with sudo su - db_user ... thank you for hint. It works for simple commands, but for line where I want to start script I am getting pemission denied error. I am getting same message when starting script without bash command in terminal, so I think adding bash before script path will solve problem... at least I hope. – punky May 11 '22 at 20:09
  • re: second comment, you _do_ need adequate permissions in `/etc/sudoers` for the usage mode to be allowed; the error message implies you don't have those permissions right now. – Charles Duffy May 11 '22 at 20:11

0 Answers0