SchoofsKelvin
commented
2 years ago It's not easy, but it's possible:
- To access the file system as another user:
- Set
SFTP Sudoto<Default>(usessudo <command>) or a username (usessudo -u <username> <command>) - Enabling
SFTP Sudowill automatically setSFTP Commandto/usr/lib/openssh/sftp-serverif it isn't set - You can overwrite
SFTP Sudoto change the location ofsftp-serverif it isn't in that default location - When
SFTP Sudois active, the extension tries to detect `
- Set
- To run the terminal as another user:
- The
Terminal commanddefaults to$SHELL, but yoursudo su - usermight work too - You probably want to use
su -p -c "cdpwd; $SHELL"to keep the environment (-p) and working directory
- The
- To run tasks as another user:
- In the settings UI, change
Task commandin a similar way - Of course, you can change your task command to perform a
sudoitself
- In the settings UI, change
There's a special edge case that makes it that if SFTP Command starts with sudo, it'll strip the sudo part, e.g. sudo -u user command arg1 becomes command arg1, as the extension tries to auto-detect a potential [sudo] password for user: prompt and auto-answer it with the stored password or prompt you with one, since the SFTP "terminal" isn't visible and doesn't support user interaction. That might interfere with your sudo su, although just prefixing it with a space should make the extension ignore that special procedure.
You might be better off just configuring the extension to login as your target user. You can add the same key to the .ssh/authorized_keys of your target user in case you don't want to have a separate key. You can also use the SSH FS: Open remote SSH terminal or SSH FS: Add as Workspace folder command, select Create instant connection and enter user@configname to connect using an existing config configname but login as user instead, in case all this is just for not having extra configs. And ssh://user@configname/ is a valid URI for e.g. as a workspace folder, that works across restarts.
After a bit of experimenting, this Terminal command seemed to work:
# When the authenticated user has (Ba)sh as login shell
su test-user -lP -c "cd `pwd`;"'$SHELL'
# When the authenticated user has Fish as login shell
su test-user -lP -c "cd "(pwd)";"'$SHELL'Few notes:
- The command in
Terminal commandwill be run in the login shell of the same user as theUsernamefield - The
-loption is to start a login shell, which would reset the working directory, hence thecdbit - The
-Poption is to start a pseud-terminal, otherwise most shells won't actually properly work (since they require a TTY) - Since it's a login shell, environment variables are reset, including
$SHELLbeing the new user's login shell (which I run) - If you want to keep some environment variables:
- Replace
-lwith-w VAR1,VAR2,... - You can use
pif you replace$SHELLwith a hardcoded value instead of getting it from the login shell's environment - This technically wouldn't be a login shell anymore, if it matters. Some shells support
-lthough, e.g.bash -l
- Replace
rdsanchezdu
Hey there, I am trying to determine what are right combination of settings to use to connect via private key, but then work as
sudo su - user? When access the system manually, I just connect with the key, then entersudo su - userand go on about my business, but I have not been able to get that type of thing working with the plugin. Is this possible, or am I going in circles for no reason?Thanks, -MH