Running commands as root

You can configure your app to run commands as the root (sudo) user at app startup.

Create a simple QRadar app that displays a list of UNIX users in the QRadar app’s container. The adduser command adds a new user at startup (testuser) that appears in the UNIX user list. Because the adduser command requires root (sudo) priviledges, the app must use the as_root feature.

Tip: Running commands or doing work at app startup is not a best practice. Instead, design apps to run commands or do work at image build time.


This tutorial requires the following dependencies:

  • QRadar app SDK version 2

Create the app

Create a new folder for the app:

mkdir AsRootApp && cd AsRootApp

Use the QRadar app SDK to initialize the app code:

qapp create

Write the manifest

Edit the manifest.json file to make it more relevant to the app:

  "name": "As Root",
  "description": "App showing using the as_root feature",
  "version": "1.0",
  "image": "qradar-app-base:2.0.0",
  "areas": [
      "id": "QAsRoot",
      "text": "As Root",
      "description": "As Root area showing list of all UNIX users",
      "url": "index",
      "required_capabilities": []
  "uuid": "<your unique app UUID>"

This manifest defines an area called QAsRoot that will serve the app user interface.

Write the Jinja template

Delete app/templates/hello.html and create a new file called app/templates/users.html using the following code:

<!DOCTYPE html>
    <title>As Root</title>

    <p id="description">
        This app has added a new user called 'testuser' using 'as_root', the UNIX users in the app container are:
    <ul id="user-list">

This Jinja template provides the entire user interface for the app, primarily displaying all UNIX users in a list in the app’s Docker container.

Create the app endpoint

Add the app HTTP endpoints by editing app/

import pwd
from flask import Blueprint, render_template

# pylint: disable=invalid-name
viewsbp = Blueprint('viewsbp', __name__, url_prefix='/')

# Simple endpoint that renders and serves 'users.html', displaying all UNIX
# users on the system
def users():
    # Get all UNIX users and store their names in a list
    user_list = []
    for user in pwd.getpwall():
    # Render users.html using the retrieved user list
    return render_template('users.html', users=user_list)

This sets up the app endpoint to retrieve the list of UNIX users and then injects the user list into the Jinja template.

Write the Create User startup script

Add a new script called container/run/

# Create a new user called 'testuser', with a home directory (/home/testuser)
as_root adduser testuser -m

Add a new file called container/run/ordering.txt:


These two files define the startup behaviour of the app. The ordering.txt file points to the file to run on startup (, and adds a new user called testuser.

The script uses the as_root feature, which allows apps to run commands as the root (sudo) user at startup.

Test the app locally

You can now test the app by running the app locally using the QRadar App SDK:

qapp run

The QRadar app SDK reports the port that the app is running on, so you can access the app at http://localhost:<app port>.


The as_root feature provides app developers the ability to run commands as the root user at app startup.


The as_root option is only available at app start up, if it is used during normal runtime operation, it will fail.


Only use the as_root option when necessary. Its use is subject to strict validation when submitted to X-Force Exchange. You might need to justify a necessary reason for using it.