piotrmurach / tty-command

Execute shell commands with pretty output logging and capture stdout, stderr and exit status.
https://ttytoolkit.org
MIT License

Permission error with IP tables #51

Closed AppyCat closed 4 years ago

AppyCat commented 4 years ago

I am running the following command in my controller, doing an IP lookup to get ASN and other details to determine whether to add to IPTABLES as a DROP. The goal is to dynamically populate the IP address. Here's my code so far, testing with a statically defined IP:

cmd = TTY::Command.new
cmd.run('iptables -A INPUT -s 77.111.246.10 -j DROP', user: 'root')

I am getting the following error. It appears IPTABLES wants the controller to be set as root. Is there a way to define root user with password to get around this?

TTY::Command::ExitError (Running sudo -u root -- sh -c 'iptables -A INPUT -s 77.111.246.10 -j DROP' failed with exit status: 1 stdout: Nothing written

Without user defined in the command I get an exit status: 3

Perhaps the rails 5 app is using a different user and therein lies the rub.

Would appreciate any help as we are trying to automate bans of certain IPs vs dealing with it manually.

Thank you for any feedback.

jrochkind commented 4 years ago

I believe this isn't special to TTY::Command, it would be the same if you used the built-in Ruby constructs like system.

It's just about permissions on unix. You need to figure out a way to set up your permissions so whatever process the ruby app is running under has permission to execute the command you want. (It's not about "the controller", it's the unix account the whole process the ruby app, perhaps a Rails app, is running under).

This is a sysadmin task that is outside the scope of TTY::Command to do anything about or support. But you may want to look into the /etc/sudoers file on linux. https://www.hostinger.com/tutorials/sudo-and-the-sudoers-file/ . There may be other better solutions as well.
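
Added example, not code from this thread or from tty-command: once the IP is populated dynamically, one way to keep untrusted lookup data out of a root shell is to validate it and run iptables as an argument vector through `sudo -n`. It assumes a sudoers rule that lets the app's unix account run this iptables command without a password; the binary path, the `NEVER_BAN` list and the names `ban_argv` and `ban!` are illustrative assumptions.

```ruby
require 'ipaddr'
require 'open3'

# Assumption: path of the iptables binary; confirm with `command -v iptables`.
IPTABLES = '/usr/sbin/iptables'

# Constructed sample list: ranges an automated ban must never touch
# (loopback and a private admin network), so a bad lookup cannot lock you out.
NEVER_BAN = [IPAddr.new('127.0.0.0/8'), IPAddr.new('10.0.0.0/8')].freeze

# Turn untrusted input into the argv for the rule from the issue.
# Raises ArgumentError unless the input is exactly one IPv4 host address.
def ban_argv(raw)
  text = raw.to_s.strip
  # Plain dotted quad only: no prefix length, hostname, space or shell syntax.
  unless text.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/)
    raise ArgumentError, "not an IPv4 address: #{text.inspect}"
  end
  ip = IPAddr.new(text) # rejects out-of-range octets such as 999.1.1.1
  if NEVER_BAN.any? { |net| net.include?(ip) }
    raise ArgumentError, "refusing to ban protected address #{ip}"
  end
  # `sudo -n` fails instead of prompting when no NOPASSWD rule matches.
  ['sudo', '-n', IPTABLES, '-A', 'INPUT', '-s', ip.to_s, '-j', 'DROP']
end

# Run the command as an argument vector, so no shell parses the address.
# Returns true on success; raises with stderr attached on failure.
def ban!(raw)
  argv = ban_argv(raw)
  _out, err, status = Open3.capture3(*argv)
  raise "#{argv.join(' ')} exited #{status.exitstatus}: #{err.strip}" unless status.success?
  true
end
```

Keeping the sudoers rule scoped to the iptables binary, rather than granting the app account general root, limits what a compromised web process can do.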