I am desperately trying to use Node-Red to shutdown or restart my Debian system.
Was trying to use the exec node with the command: sudo shutdown now
And even though I used sudo visudo to add the permission to run this command without password, it doesn't run successfully.
Node-Red always tells me it's missing the rights for this command to execute.
tried both variants:
'user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown'
or
'ALL ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown'
As it's a Debian system I used the convenient script to install Node-Red under my user account, no root account. ps axu tells me the systemd of Node-Red is running under my username.
Maybe the underlying node.js is running as a different users process and that's why it's not being granted the privileges to run the shutdown command?
Node-Red error message:
"sudo: no tty present and no askpass program specified"
Tried to run sudo -S shutdown now and this looked good at first, but then the process just waits forever for the password from stdin... process owner is root in this case... should be the normal user right?
I hope someone here knows how to just simply shutdown the local machine when a certain flow is triggered. Can't believe nobody ever has had this issue before.
Hope you guys can shed some light and help me with my problem.
Thanks for your help.
Used your node, even though it's no different from mine and I tried it on both my debian server and the Raspberry Pi (debian system as well).
The weird thing is, it's working fine with the Raspberry Pi but refuses to work with the native debian server.
EDIT: No docker container, just plain native installed through the Node-Red install script for debian.
Weird, but which shutdown returns nothing on the debian machine...
newbow@Debian:~$ which shutdown
newbow@Debian:~$
If I try this same on the RPi it gives me the path to the command:
pi@raspberrypi:~ $ which shutdown
/usr/sbin/shutdown
pi@raspberrypi:~ $
There is somthing fishy about that I think.
Anyhow, here is the /etc/sudoes file of the debian server:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
# includedir /etc/sudoers.d
This is the additional file in /etc/sudoers.d/shutdown :
I was trying different variants, that's why there are things commented out.
# User newbow is allowed to execute halt and reboot without password
# newbow ALL=(ALL) NOPASSWD: usr/sbin/poweroff, usr/sbin/reboot, usr/sbin/shutdown
newbow ALL=(ALL) NOPASSWD: ALL
No I did not use visudo. I am not touching the /etc/sudoers file itself.
I read that you're supposed to create a file in /etc/sudoers.d/ instead, which I did.
This file contains my deviating permissions (see post above, were I answered Colin).
Hmm, I only ever use visudo, that file/those files are too easy to mess up. On my old Pi servers, I just always allowed every command to be run without a password. But now I've moved to a better server, I have also improved security and only allow certain commands with certain parameters. So the list runs to multiple lines. I didn't really need to but it is good discipline and good learning.
That's the point here, I also just want to allow the shutdown, nothing more. Security is important for me as well. But visudo only allows to edit the /etc/sudoers file. The thing is though, that I always read you're not supposed to edit the file directly but create a file in /etc/sudoers.d/ with 0440 permission and define your alternate rules there.
If you run sudo shutdown -h now in a terminal, as the node-red user does it ask for the password?
I too have never used the sudoers.d files, nor have I seen any recommendations to do that.
Do that first. Get it working and then move the working code to /etc/sudoers.d/.
I never shut down my server unless I absolutely have to. I certainly don't want to allow that from Node-RED. However, the other sudo-based commands I listed work fine without a password and I've certainly done it on a Pi.
If my other suggestions aren't working, I suggest that you use the newer systemctl poweroff and systemctl reboot commands instead. These are probably better anyway.
