Application processes in root360 environments are run as the Unix-user |
Application processes in root360 environments are run as the Unix-user www-data
. Likewise, all application files (such as the files in your apache or nginx document roots) are owned by www-data
.
To run a command as this user, use
sudo -u www-data command
As an example: to list the currently installed cronjobs on an application instance, you can use
sudo -u www-data crontab -l
Here is a more interesting example, an rsync command that copies data from <local-source-path>
to /mnt/nfs/<destination-path>
on a root360 natgw so that the resulting files are owned by www-data
instead of your project user <project-user>
:
rsync -rv --rsync-path 'sudo -n -u www-data rsync' <local-source-path> <project-user>@<natgw-ip-destination>:/mnt/nfs/<destination-path>
To get even more complex, this command below copies from a local instance to an instance behind a root360 natgw, which is useful to copy data owned by www-data
between application instances of your prod and test/stage environments. Take care to use ssh -A
to connect to the source instance so that it can access your private key which it needs to connect to the other natgw.
$ rsync -rv --rsync-path 'sudo -n -u www-data rsync' -e 'ssh -J <remote-project-user>@<remote-bastion-host-ip>' <local-source-path> <remote-project-user>@<remote-application-instance-ip>:<destination-path>
www-data does not have its own home directory. When you call commands with sudo -u www-data
, you inherit $HOME
from the calling user. In some cases you may want to manually set $HOME:
project-user $ HOME=/tmp/home; sudo -u www-data echo $HOME /tmp/home |
Pick one level and also add as tag to page
INTERMEDIATE