Sourcing Env file with eval works with ksh but not BASH
Post 302954429 by waavman on Tuesday 8th of September 2015 12:30:35 AM
Hi Corona

The key point here that I was not aware of is that sudo does not inherit shell options like -x. That helps, thanks.

Since I do not have root access to modify /etc/sudoers at work, I tested this out on my Mac Pro that runs underlying OS Darwin 10.8 BSD/OSX based Linux.

First, as root, I added the following entry to /etc/sudoers so that user 'otheruser' has sudo permission to run the command owned by the admin account. Note that on Mac OS, in addition to admin, there is also a root user.

Code:
otheruser ALL=(ALL) NOPASSWD: /Users/admin/test_xtrace_withsudoaccess.ksh

As admin user 'admin' I created the following files, which have no read/execute permission for group and others:

Code:
$ cat testenvfile.txt 
export ADMINHOMEDIR="/Users/admin"

Code:
$ cat test_xtrace_withsudoaccess.ksh 
#!/bin/ksh
. /Users/admin/testenvfile.txt

Then I created the following script as 'otheruser', which just sources the above admin script without using sudo:

Code:
$ cat call_adminusers_restrictedsudocommand.ksh 
#!/bin/ksh
set -x
. /Users/admin/test_xtrace_withsudoaccess.ksh

Obviously it fails like below due to no read/execute permission

Code:
$./call_adminusers_restrictedsudocommand.ksh 
+ . /Users/admin/test_xtrace_withsudoaccess.ksh
./call_adminusers_restrictedsudocommand.ksh[3]: .: /Users/admin/test_xtrace_withsudoaccess.ksh: cannot open [Permission denied]

Then I updated this 'otheruser' script to use sudo instead of directly calling it as below

Code:
$ cat call_adminusers_restrictedsudocommand.ksh 
#!/bin/sh
set -x
sudo /Users/admin/test_xtrace_withsudoaccess.ksh

Now when I invoked this script as 'otheruser' I got the following output, which shows that even though the admin script executed fine, the envfile.txt contents are hidden, as sudo does not inherit the -x option:

Code:
$./call_adminusers_restrictedsudocommand.ksh 
+ sudo /Users/admin/test_xtrace_withsudoaccess.ksh


On the other hand, when I used the xtrace option set -x within a script owned by the 'admin' user as below, where it invokes the script directly without using sudo, the xtrace output prints the entries of the envfile.txt as they are parsed:

Code:
$ cat call_testxtrace.ksh 
#!/bin/ksh
set -x
. ./test_xtrace_withsudoaccess.ksh

Output

Code:
$ /Users/admin/call_testxtrace.ksh 
+ . ./test_xtrace_withsudoaccess.ksh
+ . /Users/admin/testenvfile.txt
+ ADMINHOMEDIR=/Users/admin
+ export ADMINHOMEDIR


So this proves your theory that sudo does not inherit the -x option, meaning a secure script owned by admin that sources a secure env file can be granted sudo access to other users without the risk of those users being able to trace the envfile contents with the xtrace option.


Thanks
waavman
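
The two cases from the post above, reproduced without sudo as an added example (not the poster's code): a `set -x` in the calling shell traces only that shell, so a wrapper started as a separate process keeps the sourced file out of the caller's trace, while sourcing the wrapper exposes it. The temp directory, `wrapper.sh`, the function names and the variable value are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: file names and the value below are made up.
SECRET_VALUE="/Users/admin-demo"   # stand-in for the env file content

setup_demo() {
    demo_dir=$(mktemp -d) || return 1
    # Env file and wrapper, accessible to the owner only (as in the post).
    printf 'export ADMINHOMEDIR="%s"\n' "$SECRET_VALUE" > "$demo_dir/testenvfile.txt"
    printf '#!/bin/sh\n. "%s/testenvfile.txt"\n' "$demo_dir" > "$demo_dir/wrapper.sh"
    chmod 600 "$demo_dir/testenvfile.txt"
    chmod 700 "$demo_dir/wrapper.sh"
    echo "$demo_dir"
}

# Traced caller starts the wrapper as a separate shell process,
# the same process boundary that a sudo invocation creates.
trace_when_executed() {
    sh -c 'set -x; sh "$1/wrapper.sh"' demo "$1" 2>&1
}

# Traced caller sources the wrapper into its own shell.
trace_when_sourced() {
    sh -c 'set -x; . "$1/wrapper.sh"' demo "$1" 2>&1
}

# True (0) when the captured trace contains the env file value.
leaks_secret() {
    case "$1" in
        *"$SECRET_VALUE"*) return 0 ;;
        *) return 1 ;;
    esac
}

demo=$(setup_demo)
if leaks_secret "$(trace_when_executed "$demo")"; then
    echo "separate process: value visible in caller's trace"
else
    echo "separate process: value hidden from caller's trace"
fi
if leaks_secret "$(trace_when_sourced "$demo")"; then
    echo "sourced: value visible in caller's trace"
else
    echo "sourced: value hidden from caller's trace"
fi
rm -rf "$demo"
```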
 
