Run a ruby block as another user?


#1

Hi list,

I’m using the ruby_block resource to write the contents of a secure databag
item into /home/deploy/.ssh (a private key). Problem is, that directory has
restricted permissions, and the key is not saved. Here’s the code I’m using:

ruby_block “write_key” do
block do
require 'fileutils’
f = ::File.open("/home/deploy/.ssh/id_deploy",“w”)
f.print(secrets[“deploy_key”])
f.close
FileUtils.chown(“deploy”,“deploy”,"/home/deploy/.ssh/id_deploy")
end
not_if do ::File.exists?("/home/deploy/.ssh/id_deploy"); end
end

Is there a way to tell ruby_block to run as another user? Or is there a
better way to do that?

Thanks!

  • Marcelo.

#2

I’m surely missing something, but I got to ask: have you considered this?

file “/home/deploy/.ssh/id_deploy” do
content secrets[“deploy_key”]
owner "deploy"
group "deploy"
end

On Thu, Nov 22, 2012 at 11:13 PM, Marcelo de Moraes Serpa <
celoserpa@gmail.com> wrote:

Hi list,

I’m using the ruby_block resource to write the contents of a secure
databag item into /home/deploy/.ssh (a private key). Problem is, that
directory has restricted permissions, and the key is not saved. Here’s the
code I’m using:

ruby_block “write_key” do
block do
require 'fileutils’
f = ::File.open("/home/deploy/.ssh/id_deploy",“w”)
f.print(secrets[“deploy_key”])
f.close
FileUtils.chown(“deploy”,“deploy”,"/home/deploy/.ssh/id_deploy")
end
not_if do ::File.exists?("/home/deploy/.ssh/id_deploy"); end
end

Is there a way to tell ruby_block to run as another user? Or is there a
better way to do that?

Thanks!

  • Marcelo.

#3

OK, got it solved. The path was wrong :confused: My fault. Andrea, thanks for the
snippet, this is much simpler and does the exact same thing!

Cheers,

  • Marcelo.

On Thu, Nov 22, 2012 at 4:18 PM, Andrea Campi
andrea.campi@zephirworks.comwrote:

I’m surely missing something, but I got to ask: have you considered this?

file “/home/deploy/.ssh/id_deploy” do
content secrets[“deploy_key”]
owner "deploy"
group "deploy"
end

On Thu, Nov 22, 2012 at 11:13 PM, Marcelo de Moraes Serpa <
celoserpa@gmail.com> wrote:

Hi list,

I’m using the ruby_block resource to write the contents of a secure
databag item into /home/deploy/.ssh (a private key). Problem is, that
directory has restricted permissions, and the key is not saved. Here’s the
code I’m using:

ruby_block “write_key” do
block do
require 'fileutils’
f = ::File.open("/home/deploy/.ssh/id_deploy",“w”)
f.print(secrets[“deploy_key”])
f.close
FileUtils.chown(“deploy”,“deploy”,"/home/deploy/.ssh/id_deploy")
end
not_if do ::File.exists?("/home/deploy/.ssh/id_deploy"); end
end

Is there a way to tell ruby_block to run as another user? Or is there a
better way to do that?

Thanks!

  • Marcelo.