Shutdown Computer with Node-Red

Hi there,

I am desperately trying to use Node-Red to shutdown or restart my Debian system.
Was trying to use the exec node with the command: sudo shutdown now
And even though I used sudo visudo to add the permission to run this command without password, it doesn't run successfully.
Node-Red always tells me it's missing the rights for this command to execute.

tried both variants:
'user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown'
or
'ALL ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown'

As it's a Debian system I used the convenient script to install Node-Red under my user account, no root account.
ps axu tells me the systemd of Node-Red is running under my username.
Maybe the underlying node.js is running as a different users process and that's why it's not being granted the privileges to run the shutdown command?

Node-Red error message:

"sudo: no tty present and no askpass program specified"

Tried to run sudo -S shutdown now and this looked good at first, but then the process just waits forever for the password from stdin... process owner is root in this case... should be the normal user right?

I hope someone here knows how to just simply shutdown the local machine when a certain flow is triggered. Can't believe nobody ever has had this issue before.

Hope you guys can shed some light and help me with my problem.

Thanks!
Newbow

That's weird.

I use the exec node to shut down my RasPies.

Though not Debian they are of the same stock.

This is the exec node.

[{"id":"7a2fa446.881fb4","type":"exec","z":"45b9510b.47e11","command":"sudo shutdown -h now","addpay":false,"append":"","useSpawn":"false","timer":"","oldrc":false,"name":"Shut down","x":870,"y":208,"wires":[[],[],["4585d71e.2c0468"]]}]

Just send a message into it and the machine shuts down.

1 Like

On my debian system:

home@home:~$ whereis shutdown
shutdown: /usr/sbin/shutdown /usr/share/man/man8/shutdown.8.gz /usr/share/man/man2/shutdown.2.gz

/usr/sbin/shutdown not /sbin/shutdown

2 Likes

Thanks for your help.
Used your node, even though it's no different from mine and I tried it on both my debian server and the Raspberry Pi (debian system as well).
The weird thing is, it's working fine with the Raspberry Pi but refuses to work with the native debian server.

I am not sure what's going on here ¯_(ツ) _/¯

Thanks,

changed that in the /etc/sudoes.d/shutdown file but no change whatsoever.
Even tried to execute the full path to the command, but no luck.

Are you running in Docker or maybe some other container?

What does
which shutdown
show?

Copy/paste the full contents of /etc/sudoers and all files in /etc/sudoers.d

1 Like

Did you use visudo to make the change?

1 Like

EDIT: No docker container, just plain native installed through the Node-Red install script for debian.

Weird, but which shutdown returns nothing on the debian machine...

newbow@Debian:~$ which shutdown
newbow@Debian:~$

If I try this same on the RPi it gives me the path to the command:

pi@raspberrypi:~ $ which shutdown
/usr/sbin/shutdown
pi@raspberrypi:~ $

There is somthing fishy about that I think.

Anyhow, here is the /etc/sudoes file of the debian server:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

# includedir /etc/sudoers.d

This is the additional file in /etc/sudoers.d/shutdown :
I was trying different variants, that's why there are things commented out.

# User newbow is allowed to execute halt and reboot without password
# newbow ALL=(ALL) NOPASSWD: usr/sbin/poweroff, usr/sbin/reboot, usr/sbin/shutdown
newbow ALL=(ALL) NOPASSWD: ALL

No I did not use visudo. I am not touching the /etc/sudoers file itself.
I read that you're supposed to create a file in /etc/sudoers.d/ instead, which I did.
This file contains my deviating permissions (see post above, were I answered Colin).

Hmm, I only ever use visudo, that file/those files are too easy to mess up. On my old Pi servers, I just always allowed every command to be run without a password. But now I've moved to a better server, I have also improved security and only allow certain commands with certain parameters. So the list runs to multiple lines. I didn't really need to but it is good discipline and good learning.

Same for me. Use whereis instead.

No. I'm using Debian Buster on an old Lenovo laptop for my home server.


That is what I have and it is working fine. The home user runs Node-RED on bootup and the listed commands work fine from within Node-RED.

That's the point here, I also just want to allow the shutdown, nothing more. Security is important for me as well. But visudo only allows to edit the /etc/sudoers file. The thing is though, that I always read you're not supposed to edit the file directly but create a file in /etc/sudoers.d/ with 0440 permission and define your alternate rules there.

How did you install NR? Using the script, or manual install via npm?

Did you try to shut it down with Node-Red? Does is work?

Damn I really don't like to reinstall and setup my server again to get this working, but this seems like the only option here...

If you run sudo shutdown -h now in a terminal, as the node-red user does it ask for the password?
I too have never used the sudoers.d files, nor have I seen any recommendations to do that.

Do that first. Get it working and then move the working code to /etc/sudoers.d/.

I never shut down my server unless I absolutely have to. I certainly don't want to allow that from Node-RED. However, the other sudo-based commands I listed work fine without a password and I've certainly done it on a Pi.

If my other suggestions aren't working, I suggest that you use the newer systemctl poweroff and systemctl reboot commands instead. These are probably better anyway.