You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have acme.sh running as a service user (svc_acme). Sometimes I like to switch to that user to check on it, but I am currently forced to unset SUDO_USER before using acme.sh. Do we want to give the warning when userA runs acme.sh as userB?
use case
switch to service user
[john@example.dev]$ sudo su svc_acme --shell /usr/bin/bash
fail to list certificates
[svc_acme@example.dev]$ acme.sh --list
It seems that you are using sudo, please read this link first:
https://github.com/acmesh-official/acme.sh/wiki/sudo
The wiki page says that "Remember: Using sudo is not recommended" but I feel like this should be a responsible way to use acme.sh. I can give the acme user the ability to create any certificates I need, and then use file permissions to allow services access to only the certs they need. IE:
[svc_acme@cent john]$ acme.sh --upgrade
It seems that you are using sudo, please read this link first:
https://github.com/acmesh-official/acme.sh/wiki/sudo
[svc_acme@cent john]$ unset SUDO_USER
[svc_acme@cent john]$ acme.sh --version
v2.8.6
[svc_acme@cent john]$ acme.sh --upgrade
[Tue Dec 1 11:35:10 EST 2020] Installing from online archive.
[Tue Dec 1 11:35:10 EST 2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Tue Dec 1 11:35:11 EST 2020] Extracting master.tar.gz
[Tue Dec 1 11:35:11 EST 2020] Installing to /home/svc_acme/.acme.sh
[Tue Dec 1 11:35:11 EST 2020] Installed to /home/svc_acme/.acme.sh/acme.sh
[Tue Dec 1 11:35:11 EST 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Dec 1 11:35:12 EST 2020] OK
[Tue Dec 1 11:35:12 EST 2020] Install success!
[Tue Dec 1 11:35:12 EST 2020] Upgrade success!
[svc_acme@cent john]$ acme.sh --version
https://github.com/acmesh-official/acme.sh
v2.8.8
[svc_acme@cent john]$ exit
exit
➜ ~ sudo su svc_acme --shell /usr/bin/bash
[svc_acme@cent john]$ acme.sh --version
https://github.com/acmesh-official/acme.sh
v2.8.8
[svc_acme@cent john]$ acme.sh --upgrade
[Tue Dec 1 11:35:55 EST 2020] Already uptodate!
[Tue Dec 1 11:35:55 EST 2020] Upgrade success!
I have acme.sh running as a service user (svc_acme). Sometimes I like to switch to that user to check on it, but I am currently forced to unset SUDO_USER before using acme.sh. Do we want to give the warning when userA runs acme.sh as userB?
use case
switch to service user
fail to list certificates
sudo vars
sudo is not recommended
The wiki page says that "Remember: Using sudo is not recommended" but I feel like this should be a responsible way to use acme.sh. I can give the acme user the ability to create any certificates I need, and then use file permissions to allow services access to only the certs they need. IE:
The text was updated successfully, but these errors were encountered: