sudo using at failing.


 
# 1  
Old 06-11-2009
sudo using at failing.

Hi,

I'm hopin' ya can give me an idea or two here.

I'm writing a file transfer tracking program. Users log in via FTP or https. These users have NO shell access. I'll get to that in a minute. When they upload or download a file, a script is invoked to log the transfer in a database, send an email to the appropriate people, and schedule the file for deletion. The files are owned by internal users. The scripts are spawned by external users, hence the need for sudo. Otherwise file permissions wouldn't allow deletion.

Here's the problem. When I schedule the file deletion it doesn't happen. If I delete the file immediately it works. Here's what I have:
Works:
Code:
# Delete file NOW
sudo /bin/rm -f "/$rootdir/$vendor/$outgoing/.$line"

Doesn't work:
Code:
# Schedule for deletion
echo "sudo /bin/rm -f \"/$rootdir/$vendor/$outgoing/.$line\"" | \
      sudo /usr/bin/at now + 2 minutes 2>/dev/null

The at parameters above are for testing. In reality the files would get deleted at midnight 2 days after download, or 30 days after upload. I've tried a hundred different variations on the at command.

Here's an example of the spooled at job:
Code:
#!/bin/sh
# atrun uid=0 gid=0
# mail     root 0
umask 22
HOME=/ftp/vendor1; export HOME
SHELL=/etc/ftponly; export SHELL
LOGNAME=root; export LOGNAME
USER=root; export USER
USERNAME=root; export USERNAME
PATH=/usr/bin:/bin; export PATH
SUDO_COMMAND=/usr/bin/at\ now\ +\ 2\ minutes; export SUDO_COMMAND
SUDO_USER=vendor1; export SUDO_USER
SUDO_UID=1010; export SUDO_UID
SUDO_GID=1000; export SUDO_GID
cd /usr/libexec/usermin/updown || {
         echo 'Execution directory inaccessible' >&2
         exit 1
}
${SHELL:-/bin/sh} << `(dd if=/dev/urandom count=200 bs=1 2>/dev/null|LC_ALL=C tr -d -c '[:alnum:]')`

sudo /bin/rm -f /ftp/vendor1/outgoing/file1.zip

Since the users don't have shell access... Could that be stopping the at job from working? What doesn't make sense to me is that it would work via a straight sudo, but not a queued instance.

Any ideas???

Thanks
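An added check, not part of the original post: the spooled job above feeds its body to `${SHELL:-/bin/sh}` and exports `SHELL=/etc/ftponly`, so it is worth confirming that the exported program is a real shell. The function names, the use of the shells file as a proxy for "real shell", and the sample files are assumptions made for this example.

```sh
# Added example: read a spooled at job (for instance the output of
# `at -c JOBID`) and report which program will interpret the job body.

# Print the value exported as SHELL in the job preamble (empty if none).
job_shell() {
    sed -n 's/^SHELL=\(.*\); export SHELL$/\1/p' "$1" | head -n 1
}

# Return 0 if $1 is listed in the shells file $2 (default /etc/shells).
# Assumption: being listed there is used as a proxy for "a real shell".
is_listed_shell() {
    shells_file=${2:-/etc/shells}
    [ -r "$shells_file" ] || return 1
    grep -v '^#' "$shells_file" | grep -Fxq -- "$1"
}

# Print "ok <shell>" or "suspect <shell>" for the job file $1.
check_job() {
    sh_path=$(job_shell "$1")
    [ -n "$sh_path" ] || sh_path=/bin/sh   # the job uses ${SHELL:-/bin/sh}
    if is_listed_shell "$sh_path" "$2"; then
        echo "ok $sh_path"
    else
        echo "suspect $sh_path"
    fi
}

# Run the check on constructed sample files in a temporary directory.
demo_job_shell() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: preamble lines as in the job shown in post #1.
    cat > "$tmp/job" <<'EOF'
#!/bin/sh
# atrun uid=0 gid=0
HOME=/ftp/vendor1; export HOME
SHELL=/etc/ftponly; export SHELL
LOGNAME=root; export LOGNAME
EOF
    # Constructed stand-in for /etc/shells.
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$tmp/shells"
    check_job "$tmp/job" "$tmp/shells"
    rm -rf "$tmp"
}

demo_job_shell
```

On a live system, save the output of `at -c JOBID` to a file and pass that file to `check_job`; a "suspect" result means the job body would be handed to a program that is not a listed shell.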
# 2  
Old 06-12-2009
Start by typing
Code:
which sudo

And see if the path is included in PATH of your script...
# 3  
Old 06-12-2009
Yep, it's definitely in the path. I've tried it with and without the full path in the command line.

In my haste in posting yesterday, I forgot to mention that FTP users seem to have no problem here. I'm using vsftp as the server software. All instances of the at command are spawned as the user ftp-files, an internal user with shell privileges. Users that access the site via https, however, spawn all processes as the user they log in as, i.e. external users with no shell privileges. Again, the weird thing is that the immediate removal works; at doesn't. Both means of access trigger the same script file; the only difference is the user name.

I've also noticed that depending on whether or not I use sudo for the at command itself the user under which it's spawned will change as well.

If nothing else, I've at least got to look forward to the "Brick Wall" until I get this figured out.

-----Post Update-----

It may not be right, but I've found a workaround.

I had to call the script that spawns the at command via sudo. For whatever reason calling the at command directly wouldn't work, sudo or not. I even tried just echoing text to a file. Nothing... Nothing in /var/log/anything. Just nothing.

Backing up one script and making the sudo call there worked. Although I still want to figure out why the direct call didn't work, I'll have to put it aside for now and finish my task.

Thanks for the input.

Last edited by mph; 06-12-2009 at 10:38 AM..
# 4  
Old 06-12-2009
Maybe user not in at.allow (or in at.deny...)?
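The access rule behind this suggestion, as an added example that is not part of the original post: on Linux, at(1) documents that root may always use at, that an existing at.allow admits only the users it lists, that otherwise at.deny blocks only the users it lists, and that with neither file only root may use at. The function name, the default paths (they differ on other systems) and the sample users are assumptions for this example.

```sh
# Added example: decide whether USER may submit at jobs, following the
# at.allow / at.deny rules documented in at(1) on Linux.
# Usage: at_permitted USER [ALLOW_FILE] [DENY_FILE]
at_permitted() {
    user=$1
    allow=${2:-/etc/at.allow}   # assumed Linux default location
    deny=${3:-/etc/at.deny}     # assumed Linux default location

    # These files are often readable by root only; do not guess.
    for f in "$allow" "$deny"; do
        if [ -e "$f" ] && [ ! -r "$f" ]; then
            echo "unknown: cannot read $f (run as root)"
            return 0
        fi
    done

    if [ "$user" = root ]; then
        echo "allowed: superuser"
    elif [ -e "$allow" ]; then
        if grep -Fxq -- "$user" "$allow"; then
            echo "allowed: listed in $allow"
        else
            echo "denied: $allow exists and does not list $user"
        fi
    elif [ -e "$deny" ]; then
        if grep -Fxq -- "$user" "$deny"; then
            echo "denied: listed in $deny"
        else
            echo "allowed: not listed in $deny"
        fi
    else
        echo "denied: neither file exists, only the superuser may use at"
    fi
}

# Constructed sample: an at.allow that lists ftp-files but not vendor1.
demo_at_permitted() {
    d=$(mktemp -d) || return 1
    printf '%s\n' ftp-files > "$d/at.allow"
    for u in ftp-files vendor1 root; do
        printf '%s -> %s\n' "$u" "$(at_permitted "$u" "$d/at.allow" "$d/at.deny")"
    done
    rm -rf "$d"
}

demo_at_permitted
```

The user to test is the one at actually runs as: the spooled job in post #1 was submitted through sudo and shows uid=0, so the at.allow and at.deny entries only come into play when at is called without sudo.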
# 5  
Old 06-12-2009
Now I KNEW there was a reason I asked the experts.

That never even crossed my mind. I can hear Jim Varney rolling over in his grave sayin' "Golly Bob howdy Vern, Why didn't ya think 'o' that"!!!

One thing that makes me think it mightn't be it. Would the at job be allowed to schedule itself if the user wasn't allowed to use at? Wouldn't there be some output to a log... somewhere???

I'll definitely test this out if I can this afternoon, if not Monday morning. (Trying not to work (well think too much) on the weekends). I'll be sure to post whatever I come up with.

THANKS!!!
# 6  
Old 06-12-2009
I imagine your "2>/dev/null" is suppressing an error message; try redirecting it to a log file to debug.

Code:
# Schedule for deletion
echo "sudo /bin/rm -f \"/$rootdir/$vendor/$outgoing/.$line\"" | \
      sudo /usr/bin/at now + 2 minutes 2>/tmp/at.err

If that's not the problem, perhaps an strace command would help debug what at is up to:

Code:
# Schedule for deletion
echo "sudo /bin/rm -f \"/$rootdir/$vendor/$outgoing/.$line\"" | \
      sudo strace /usr/bin/at now + 2 minutes 2>/tmp/at.err

--
qneill

Last edited by qneill; 06-18-2009 at 04:02 PM..
# 7  
Old 06-12-2009
I've run it several times with and without piping to null and piping to a file, etc... Both the actual command and the at scheduling.

Strace might very well be the best option.

Thanks, I'll give it a whack Monday!