ssh and change group id

I am trying to ssh to a remote host but execute as a different group id on
that host.

We have multiple group id's at our site. Everyone's default group id is
user. Then for specific needs, we have group ids with limited users in
them. I have a process than I trying to run on a remote machine at a
specific group id. For instance, I would like to do the following

ssh myname@myhost myprog --display mydisplay:0 --myparam 5

But I want the program to run with mygroup as the group id and not the
user group.

I have tried

ssh myname@myhost sg mygroup -c myprog --display mydisplay:0 -myparam 5
ssh myname@myhost "sg mygroup -c myprog --display mydisplay:0 -myparam 5"
ssh myname@myhost sg mygroup -c "myprog --display mydisplay:0 -myparam 5"
ssh myname@myhost sg mygroup -c 'myprog --display mydisplay:0 -myparam 5'

And other combinations. (It also doesn't work for rsh). I lose the command
line parameters for myprog.

I tested this with a simple script (myprog)

#!/bin/sh

echo `id`
echo $1
echo $2
echo $3
echo $4

sleep 5

I also used the chmod 2770 to set the sticky bit on group but the problem
here is that linux security unset's LD_LIBRARY_PATH and so the libraries
can't be found. I know I can use ld.so.conf.d to define the paths but we
are developing the program and the developers are on different versions on
the libraries so we use LD_LIBRARY_PATH to define the work area the user
is using.

If I issue the sg command locally (no ssh), then the parameters do get
passed to the script

sg mygroup -c "myprog --display mydisplay:0 --myparam 5"


Somewhere between ssh and sg, the command line parameters for my program
is getting lost.

On Tue, Aug 11, 2009 at 08:13:59PM -0400, Kyle S Hoyt wrote:
> I have tried
>
> ssh myname@myhost sg mygroup -c myprog --display mydisplay:0 -myparam 5
> ssh myname@myhost "sg mygroup -c myprog --display mydisplay:0 -myparam 5"
> ssh myname@myhost sg mygroup -c "myprog --display mydisplay:0 -myparam 5"
> ssh myname@myhost sg mygroup -c 'myprog --display mydisplay:0 -myparam 5'
>
> And other combinations. (It also doesn't work for rsh). I lose the command
> line parameters for myprog.

ssh myname@myhost "sg mygroup -c 'myprog ...'"

should work.  The key is you need to preserve the inner quotes long enough
to pass them along through the ssh to the remote shell.  In all the tries
you showed here, your quotes are stripped out by the local shell.  You need
a second set of quotes, or you need to escape the quotes with backslashes,
to keep them around long enough.

bah, this didn't make it to the list, but I _had_ replied with some
"helpful" guidance :-D


---------- Forwarded message ----------
From: Daniel Llewellyn <daniel@...>
Date: Wed, Aug 12, 2009 at 21:37
Subject: Re: ssh and change group id
To: Kyle S Hoyt <Kyle_S_Hoyt@...>


On Wed, Aug 12, 2009 at 01:13, Kyle S Hoyt<Kyle_S_Hoyt@...> wrote:
> ssh myname@myhost sg mygroup -c myprog --display mydisplay:0 -myparam 5
> ssh myname@myhost "sg mygroup -c myprog --display mydisplay:0 -myparam 5"
> ssh myname@myhost sg mygroup -c "myprog --display mydisplay:0 -myparam 5"
> ssh myname@myhost sg mygroup -c 'myprog --display mydisplay:0 -myparam 5'

nearly - you need to send the quotes to the _remote_ machine, but the
way you have it in your commandline(s) is that they will be
interpreted by the _local_ shell before sending to the server.

> If I issue the sg command locally (no ssh), then the parameters do get
> passed to the script
>
> sg mygroup -c "myprog --display mydisplay:0 --myparam 5"

you want this command to be sent _exactly_ as it appears over the
wire, including the " characters.

hint, shells "escape" characters with the backslash symbol: \
e.g. \n = new line

this should be enough information for you to determine what you need
to do, or what to lookup in google.

--
Regards,
    Daniel Llewellyn