Distro
Posts: 7
Joined: Wed Apr 29, 2015 9:13 am

Executing root commands from java

Wed May 06, 2015 10:47 am

Hi everyone!

I am developing a project in which a webservice published in a TomCat server (axis2 plugin) is used, and, when it is consumed should reboot the RPi. Here the code of the command used for rebooting:

Code: Select all

java.lang.Runtime.getRuntime().exec("sudo reboot");
In the sudoers document I have allowed the Pi user for calling admin commands without any password requeriment.

Code: Select all

pi ALL=(ALL) NOPASSWD:ALL
I don't know why, but when I consume the webservice, it executes properly, but is not able to reboot.

The same thing when I try to modify "interfaces", it fails to change network settings.

I have tried it in Ubuntu and it work fine, so I think it must be a problem refered to the RPi's configuration.

Please, anyone could help me?
Many thanks.

ghans
Posts: 7882
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: Executing root commands from java

Wed May 06, 2015 11:18 am

I doubt that Tomcat runs as user "pi". I recommend to read the sudo documentation and carefully only enable the "reboot" command
for the user your webservice runs as.

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

Distro
Posts: 7
Joined: Wed Apr 29, 2015 9:13 am

Re: Executing root commands from java

Wed May 06, 2015 1:27 pm

Dear ghans,

You are right. The problem related to the reboot command is solved.

Tomcat7 (our version) runs as a user called tomcat7. With just adding this line to the "interfaces" archive
tomcat7 user is allowed to use all the root commands.

Code: Select all

tomcat7 ALL=(ALL) NOPASSWD:ALL
Thank you very much for your help.

ghans
Posts: 7882
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: Executing root commands from java

Mon May 11, 2015 10:18 am

Please consider restricting the tomcat7 user to the two necessary commands instead giving it passwordless root privs !

http://askubuntu.com/questions/159007/h ... a-password

Start with good security practices today.

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

Distro
Posts: 7
Joined: Wed Apr 29, 2015 9:13 am

Re: Executing root commands from java

Mon May 11, 2015 10:26 am

Hi Ghans,

I only gave permission to execute the reboot function without asking for password. As you say, I thought it
would be better if that user only has a limited amount of no-password root commands.

Best regards. Thanks!

User avatar
joan
Posts: 14959
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: Executing root commands from java

Mon May 11, 2015 10:29 am

Your earlier post shows tomcat7 being granted total access which is very dangerous. A casual reader may think this is a sensible solution so your earlier post may be misleading.

Distro
Posts: 7
Joined: Wed Apr 29, 2015 9:13 am

Re: Executing root commands from java

Mon May 11, 2015 10:44 am

So, this is how I gave permissions to tomcat7 user (the user which apache TomCat 7 server runs on to execute a root command without being asked for the root password:

Editing "sudoers" document with the most secure method: typing the following command on the terminal => visudo

Code: Select all

Cmnd_Alias REBOOT_CMDS = /sbin/reboot

Code: Select all

tomcat7 ALL=(ALL) NOPASSWD: REBOOT_CMDS
I hope it fits everyone,

Regards.

Return to “Java”