Reputation: 11464
Change the default user and group from root to something attribute-driven in Chef
I'm using chef-solo with vagrant
Chef defaults to root for everything. I want to only use root for a couple of things but use a functional user for everything else.
I'm basically installing a few of packages to standard locations (should be done as root). And, then I'm compiling a bunch of stuff to a non-standard location. I want this entire tree to be owned by non-root user/group. Can I set the default user/group to an attribute?
More broadly, why does chef want to act as root and why is changing the default user to non-root not a more common request?
Specifically, the bash resource can take a user but this is not a full login of the user. So, the home dir is still root's home dir (which the user can not write to), the group of files created is still root. So,
bash "foo" do
user node[:globals][:username]
code <<-EOH
# do stuff
EOH
end
do stuff is not a full login as user.
This question is related to https://serverfault.com/questions/402881/execute-as-vagrant-user-not-root-with-chef-solo and the bug mentioned there that is a won't fix: http://tickets.opscode.com/browse/CHEF-1523 I guess I need to look closer, maybe at the environment attribute to execute: http://wiki.opscode.com/display/chef/Resources#Resources-Execute
Upvotes: 0
Views: 2688
Answers (1)
Reputation: 1646
Most chef resources take a user (or owner) and group attributes to change the default. You can create the directory, setting the owner, group and mode to anything, you can execute (compile?) as a non-root user.
Check the resources your using for these attributes. It's possible to store usernames in attributes or environments and then use those values in your recipe resource blocks as the user to run commands or create resources as.
A good reference for default resources: https://docs.chef.io/resource_directory.html
ie
directory '/tmp/what?' do
owner node[:username]
group node[:group]
mode 00755
end
or
execute 'gcc somefile.cc' do
user node[:user]
group node[:group]
end
If there's a specific action you can't figure out, point it out.
Upvotes: 1
Related Questions
- Chef: How do I override default attributes in roles?
- Chef role and environment default_attributes not accessible
- Run the chef-client as non root user
- How to override default attributes in Chef using roles
- Multi-VM Vagrantfile with shared chef settings but different roles
- Test Kitchen - How can I pass the local user login in as a Chef attribute?
- Overriding Chef Attributes In Role File
- Chef: How to use different OS default users based on environment (Vagrant, EC2)?
- How to override "not default" attribute by vagrant with chef-solo?
- Vagrant requires attributes in roles.json that break existing Chef project