Google Git
Sign in
gerrit / gerrit / 8002ecf05dd3e2cd9489b9631e36fd164c90fc6a / . / Documentation / cmd-suexec.txt
blob: 9808edcb0887f3727f2772791569c1ff3cb0a2cc [file] [log] [blame]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]1= suexec
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]2
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]3== NAME
David Shevitzc47f2362018-09-27 10:55:35 -0700[diff] [blame]4suexec - Execute a command as any registered user account.
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]5
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]6== SYNOPSIS
Michael Ochmanne2d76a12016-06-23 17:07:37 +0200[diff] [blame]7[verse]
Yuxuan 'fishy' Wangd85b6872013-11-15 11:47:46 -0800[diff] [blame]8--
Michael Ochmanne2d76a12016-06-23 17:07:37 +0200[diff] [blame]9_ssh_ -p <port>
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]10 -i SITE_PATH/etc/ssh_host_rsa_key
Michael Ochmanne2d76a12016-06-23 17:07:37 +0200[diff] [blame]11 "Gerrit Code Review@localhost"
12 _suexec_
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]13 --as <EMAIL>
14 [--from HOST:PORT]
15 [--]
16 [COMMAND]
Yuxuan 'fishy' Wangd85b6872013-11-15 11:47:46 -0800[diff] [blame]17--
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]18
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]19== DESCRIPTION
Shawn Pearce08ae5772013-06-11 13:47:21 -0700[diff] [blame]20The suexec command permits executing any other command as any other
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]21registered user account.
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]22
Shawn Pearce08ae5772013-06-11 13:47:21 -0700[diff] [blame]23suexec can only be invoked by the magic user `Gerrit Code Review`,
24or any user granted granted the link:access-control.html#capability_runAs[Run As]
25capability. The run as capability is permitted to be used only if
26link:config-gerrit.html[auth.enableRunAs] is true.
27
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]28== OPTIONS
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]29
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]30--as::
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]31 Email address of the user you want to impersonate.
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]32
33--from::
34 Hostname and port of the machine you want to impersonate
35 the command coming from.
36
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]37COMMAND::
38 Gerrit command you want to run.
39
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]40== ACCESS
Shawn O. Pearce47769242011-06-14 16:40:48 -0700[diff] [blame]41Caller must be the magic user Gerrit Code Review using the SSH
Shawn Pearce08ae5772013-06-11 13:47:21 -0700[diff] [blame]42daemon's host key, or a key on this daemon's peer host key ring,
43or a user granted the Run As capability.
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]44
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]45== SCRIPTING
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]46This command is intended to be used in scripts.
47
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]48== EXAMPLES
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]49
50Approve the change with commit c0ff33 as "Verified +1" as user bob@example.com
Michael Ochmannb99feab2016-07-06 14:10:22 +0200[diff] [blame]51----
David Shevitzc47f2362018-09-27 10:55:35 -0700[diff] [blame]52$ sudo -u gerrit ssh -p 29418 \
53 -i site_path/etc/ssh_host_rsa_key \
54 "Gerrit Code Review@localhost" \
55 suexec \
56 --as bob@example.com \
57 -- \
58 gerrit approve --verified +1 c0ff33
Michael Ochmannb99feab2016-07-06 14:10:22 +0200[diff] [blame]59----
Nasser Grainawi21f8fb42010-04-14 16:55:18 -0600[diff] [blame]60
61GERRIT
62------
63Part of link:index.html[Gerrit Code Review]
Yuxuan 'fishy' Wang99cb68d2013-10-31 17:26:00 -0700[diff] [blame]64
65SEARCHBOX
66---------