Simple shell_command not working

I want to unmount my Hard Drive (which is connected to my Raspberry Pi) with a simple shell_command through Home Assistant:

umount /dev/sda1

It works perfectly if I do it through terminal and it also works perfectly if I change to virtual enviroment in HASS with source /srv/hass/hass_venv/bin/activate and run same command there.

Here is my shell_command.yaml :

  unmount: '/home/hass/.homeassistant/shell_commands/unmount.sh'
  unmount1: "umount /dev/sda1"
  unmount2: "eject /dev/sda1"

unmount.sh file (only one line):

umount /dev/sda1

It doesn’t work through script (unmount), it doesn’t work through in single or double quotes, with eject or umount. There is no error in log, nothing happens.

Any help would be really appreciated, I don’t know what I am missing.

Remember that when you execute shell commands from HA, you do so as the HASS user…

Yes…that seems to be the problem. @Tinkerer gave me some advice how to solve it here (at the end of the topic):

Do you know how I could give user HASS needed permissions?

Ok, I have to ask on this one. Why are you mounting a drive through HA?

I don’t need to mount my HDD through HA, I just want to unmount it through HA.

To explain. This is and external HDD with external power supply, it’s connected directly to my Pi.

I want to create an automation that does the following things:

Movie TIme automation:

1. Turns on the RF outlet
   With this HDD start and mounts on my Pi by itself
2. Starts KODI on my Pi
3. Turns on Hyperion TV Ambilight
4. Turns on my TV
5. Selects correct HDMI source
6. Turns off the lights
7. etc.

Movie time over automation:

1. Closes KODI
2. Unmounts HDD - my problem
3. Switches off RF outlet (this is where HDD power supply is connected)
4. etc

I’ve manage to integrate everything except unmounting HDD…and launching KODI through shell_commands is also a problem, but it at least works in a way.

I cannot simply turn off RF outlet before unmounting, because there could be data corruption on HDD.

Ok, now I understand. You could try sending them through sudo

sudo umount /dev/sda1
sudo eject /dev/sda1

That might work

Thank you for your suggestion, but unfortunately it doesn’t work. It’s the same as before. Nothing happens, there is no error in log as well.

I thought HASS could not run commands with sudo otherwise…?

In case I am doing a stupid mistake and I don’t see it. In my shell_commands.yaml I have the following:

  unmount1: "sudo umount /dev/sda1"
  unmount2: "sudo eject /dev/sda1"

Then in HASS I go to Services, select shell_command domain and service unmount1 or unmount2, then “Call Service” to test it quickly…

I forgot, I added the hass user to the sudousers file (that’s not the right now, but I can’t login right now to check). Otherwise sudo is asking for a password I think.

I tried to set umount commands on command_line switches as command_on and commands defenitely fail (with or without sudo). This time they are properly logged:

17-01-13 19:33:52 homeassistant.components.switch.command_line: Command failed: umount /dev/sda1
17-01-13 19:34:10 homeassistant.components.switch.command_line: Command failed: sudo umount /dev/sda1

Any ideas?

You were correct, I am getting permission errors:

hass@Home-Assistant:/home/pi$ umount /dev/sda1
umount: /media/pi/MyBook: umount failed: Operation not permitted

Did you add hass to sudousers with this command?

sudo adduser hass sudo

no it’s a sudo file that allows hass to use sudo without challenging for a password. Look at the man pages for sudo it should point you there. If not, I’ll be able to check my system in a couple of hours and can reply with the information.

I think, I need to edit /etc/sudoers file, but I am unsure how, so I would appreciate it, if you could tell me when you are able to check your system.

Thanks again!

This explains how to add a new user to sudoers:

But please read this before you do:

https://github.com/home-assistant/home-assistant.github.io/pull/997

actually try the following.
I’m doing it logged in as pi not as hass. that way I don’t have to enter the sudo password when I create the file we need.

cd /etc/sudoers.d

create a file named 010_hass-nopasswd you’ll need to use sudo to do this.
sudo (whatever editor you like) 010_hass-nopasswd

in the file put the following line
hass ALL=(ALL) NOPASSWD: ALL

I think that should do it and you won’t be prompted for the password under hass anymore.

But please read the github reference on why this isn’t really the proper approach.

Thank you @turboc for your help. I added hass to sudoers and now everything is working!

@rpitera Thank you for pointing me to github discussion. I agree that adding hass to sudoers is not the right way to solve the problem, I don’t know any other way to do it. Also, all future commands with sudo wil now work as well, I won’t have to deal with specific problems and permissions every time.

SmartValley,
For home use that is probably fine. But in the business world, using sudo like we have set it up allows normally unauthorized users to install applications that could impact everyone on the system, instead of just being limited to their account.
I think the best solution will be for someone with a lot more unix/linux and HA knowledge than me, to figure out how to let hass run apps in needs to run without having to use sudo, but also making it so that we can work in the system without having to go into the hass user to do everything. I don’t know how to do it, like it said, it will take someone with a lot more unix/linux and HA knowledge than me to pull it off.

I had to point you to that discussion or I wouldn’t be doing my job as a mod. As long as you understand the implications, then the evaluation of the risk is up to you - and BTW, not judging! I just wanted to make sure that I made you aware of it.

I originally did a similar thing with perms on my certificates until I could find a proper solution so I know where you’re coming from.

If you want to go the sudoers route, the best approach would be to specify the exact command(s) that the hass user is allowed to run:

As pi user, run:

sudo sudoers

and add the following lines to the bottom:

# Allow user hass to run specific commands
hass ALL=(ALL) NOPASSWD: /bin/umount /dev/sda1
hass ALL=(ALL) NOPASSWD: /usr/bin/eject /dev/sda1

Thanks, that would defenitely be a better solutin than addng hass to suders