Sourcing Env file with eval works with ksh but not BASH
Post 302954150 by waavman on Friday 4th of September 2015 02:26:16 PM
Don,
Like you mentioned, when "" is used with the eval command or when ; is placed after the BASEPATH assignment in envfile.txt, xtrace output shows that BASH executes the commands one after the other in the proper order. Else we cannot determine in what order it is executing by looking at the xtrace output.

As for the setuid solution I have come up with I understand that it is not a completely secure solution. Other users can view the envfile.txt contents by running the setuid script using eval `/tmp/filereader.pl /tmp/envfile.txt`.
But I just thought until I come up with a more secure solution this would be at least safer than having no Setuid script at all and giving read permission to all to /tmp/envfile.txt and using . /tmp/envfile.txt inside the shell script.
When I refer to confidential information inside envfile.txt I am referring to database passwords etc. which are assigned to environment variables that will be used within the script.

Corona,

As for your suggestion that I create a shell script filereader.sh owned by master account that has read access to envfile.txt and which is shielded from read/execute access by other users and which has inside it
Code:
. /tmp/envfile.txt

Now inside the main script test.sh that other userids can execute I include

Code:
sudo -u masteraccount /somepath/filereader.sh

This would work.
But again it would expose a threat in that other user ids can use a simple hack in the form of a script like this which prints the contents of envfile.txt

Code:
set -x
sudo -u masteraccount /somepath/filereader.sh

So the other option would be to add this in test.sh
Code:
. /tmp/envfile.txt

and then revoke read permission to other userids on /tmp/envfile.txt and revoke execute permission to other userids on test.sh and GRANT SUDO access to test.sh rather than create a separate filereader.sh and granting sudo access to the filereader.sh

So other users can then run

Code:
sudo -u masteraccount test.sh

But I think if other users write a script like this with the set -x option, they can expose envfile.txt contents here as well. So I am not sure if this is secure as well.

Code:
set -x
sudo su - masteraccount test.sh


thanks
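
Added example, not part of waavman's post or the thread: one way to load a secrets file of literal KEY=VALUE lines without eval or `.`, refusing a file that group or others can access and suspending xtrace while the values are read. The names load_envfile and _parse_envfile, the return codes, and the assumption that the file holds only literal assignments (no `$VAR` references) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and return codes are hypothetical.

# Read literal KEY=VALUE lines; nothing in the file is executed or expanded.
_parse_envfile() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac     # skip blank lines and comments
        case $line in *=*) ;; *) return 3 ;; esac    # not an assignment
        key=${line%%=*}
        case $key in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 3 ;; esac
        export "$key=${line#*=}"                     # value stays a literal string
    done < "$1"
}

# load_envfile FILE: 0 loaded, 1 not a plain readable file, 2 mode too open, 3 bad line
load_envfile() {
    [ ! -L "$1" ] && [ -f "$1" ] && [ -r "$1" ] || return 1
    # Mode string must show no group/other bits, e.g. -rw-------
    case $(ls -ld -- "$1") in ????------*) ;; *) return 2 ;; esac
    # Suspend xtrace so values never reach stderr, then restore the caller's setting.
    case $- in *x*) _had_x=1; set +x ;; *) _had_x=0 ;; esac
    _rc=0; _parse_envfile "$1" || _rc=$?
    unset line key
    [ "$_had_x" -eq 1 ] && set -x
    return "$_rc"
}

# Constructed sample input, not the real envfile.txt from the thread.
demo() {
    f=$(mktemp) || return 1
    chmod 600 "$f"
    printf '%s\n' '# sample' 'BASEPATH=/opt/app' 'DB_PASS=s3cret $(id)' > "$f"
    rc=0; load_envfile "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

demo && printf 'loaded BASEPATH=%s\n' "$BASEPATH"
```

Exported values are still visible to every child process the script starts, so this narrows how the file is read rather than hiding the secrets from the account that runs the script.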
 

PAM_ENV(8)                         Linux-PAM Manual                         PAM_ENV(8)

NAME
       pam_env - PAM module to set/unset environment variables

SYNOPSIS
       pam_env.so [debug] [conffile=conf-file] [envfile=env-file] [readenv=0|1] [user_envfile=env-file] [user_readenv=0|1]

DESCRIPTION
       The pam_env PAM module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST.

       By default rules for (un)setting of variables are taken from the config file /etc/security/pam_env.conf if no other file is specified.

       This module can also parse a file with simple KEY=VAL pairs on separate lines (/etc/environment by default). You can change the default file to parse with the envfile flag, and turn it on or off by setting the readenv flag to 1 or 0 respectively.

       Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack.

OPTIONS
       conffile=/path/to/pam_env.conf
           Indicate an alternative pam_env.conf style configuration file to override the default. This can be useful when different services need different environments.

       debug
           A lot of debug information is printed with syslog(3).

       envfile=/path/to/environment
           Indicate an alternative environment file to override the default. This can be useful when different services need different environments.

       readenv=0|1
           Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on.

       user_envfile=filename
           Indicate an alternative .pam_environment file to override the default. This can be useful when different services need different environments. The filename is relative to the user home directory.

       user_readenv=0|1
           Turns on or off the reading of the user specific environment file. 0 is off, 1 is on. By default this option is off.

MODULE TYPES PROVIDED
       The auth and session module types are provided.

RETURN VALUES
       PAM_ABORT
           Not all relevant data or options could be gotten.

       PAM_BUF_ERR
           Memory buffer error.

       PAM_IGNORE
           No pam_env.conf and environment file was found.

       PAM_SUCCESS
           Environment variables were set.

FILES
       /etc/security/pam_env.conf
           Default configuration file

       /etc/environment
           Default environment file

       $HOME/.pam_environment
           User specific environment file

SEE ALSO
       pam_env.conf(5), pam.d(5), pam(7).

AUTHOR
       pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>.

Linux-PAM Manual                          01/16/2014                          PAM_ENV(8)