Reputation: 1962
inspec run a single control as sudo
I am using inspec to verify some AMIs that I am building, and in the main I want the controls in the profile to run as a normal user so I can test as a standard user would see things.
However there area couple of controls that I want to run as root (sudo) to check things like services.
I know I can pass --sudo to the exec command but that runs the whole profile as sudo. Is it possible to elevate a single control? (you would use become in Ansible). Or do I need to write two profiles and execute them independantly?
Upvotes: 2
Views: 1009
Answers (2)
Reputation: 1
You can use below method to run sudo commands remotely via chef inspec:
history_file = ssh -o StrictHostKeyChecking=no -tt #{input('host')} sudo find / -name '.mysql_history'.strip
file_check = ssh -o StrictHostKeyChecking=no -tt #{input('host')} sudo ls -l #{history_file}.strip
Upvotes: 0
Reputation: 506
hmm, if its just a single control couldn't you just use su -l USERNAME -c COMMAND and capture the output? Might not be ideal to use the command resource, but this would give you access to the users' environment. i.e.:
root@machine:~# su -l ubuntu -c env
Upvotes: 1
Related Questions
- How to write a Chef Inspec test for the Chef Infra 'sudo' resource?
- Possible to use Chef variables within Inspec?
- How create context with InSpec?
- Running a command as a specific user in Test Kitchen
- Run the chef-client as non root user
- Can't run Chef as root
- Run sudo commands in Chef resource block
- how to run chef resource as certain user
- Specify Chef run list
- Need to run a Custom chef recipe to be run with sudo priviliges