Exec node as root?

Good morning,
forgive google translator.
What is the correct way to run a command as root via the exec node?

I have a Raspberry Pi and I want it to execute "sudo shutdown now" by pressing the physical button, pin value = 0.

Thanks.

Usually sudo /sbin/shutdown now works on the pi in an exec node. I suspect you forgot that you need full paths inside an exec node.

If it doesn't:
sudo visudo
// add after the last line of the file (#includedir /etc/sudoers.d):
pi ALL=(ALL) NOPASSWD:ALL
// use your default username instead of pi.

2 Likes

Please don't do that if you ever want to expose Node-RED or any other service on the Pi to the Internet.

You can specify certain commands to be run without a password rather than everything, that is a lot more secure.

Here is an example:

pi ALL=(ALL) NOPASSWD:/usr/bin/apt update, /usr/bin/apt upgrade, \
                      /usr/bin/systemctl status *.service, \
                      /usr/bin/systemctl restart nrmain, \
                      /usr/bin/du -sh /var/lib/influxdb/data/, \
                      /usr/bin/du -sh /var/lib/influxdb/* \
                      /usr/sbin/dumpe2fs *

Note that I run Node-RED under a service name called nrmain. Note the wildcards.

2 Likes

There's a node for this:
node-red-contrib-rpi-shutdown

Just my 2 cents :wink:

Might as well use an exec node as all the node does is wrap an exec call to sudo shutdown and sudo reboot.
On a standard raspberry pi os installation sudo doesn’t require the password and with nodered installed with the recommended script you can just do things like sudo shutdown -r now from an exec node node problem. If you changed it or use a distribution that requires the password for a sudo command the node will not work either.

2 Likes

But I'm pretty sure that unless the command you plan to run is in the .node-red directory you need to use the full path in the exec node command.

I haven't installed the latest Raspbian or PiOS, what ever they changed the name to, but the last one I did still had the pi ALL=(ALL) NOPASSWD:ALL

No not true for me. I can run it without no problem.

This is convenient but dangerous. But then if you are still using the pi user, you probably haven't changed the default password either!

Just remember that the Pi with Rasbian is set up for convenience in the classroom not for security. The default Pi configuration and indeed the default Node-RED configuration should NEVER be directly open to the Internet.

If the systemd service file running Node-RED is set up to use user pi as it should be, then Node-RED should get the pi users environment I believe.

Still, it is good practice to use absolute paths for things when running them from anywhere other than a terminal.

As a hint, the command whereis commandname will show you where a command actually exists.

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.