Today I had a request to provide sudo permission for an application script and for another script which loads its environment variables.
But I am not able to execute the script even though I have given permission in sudoers.
The steps to execute the script.
1) . /opt/custom/etc/setup_env.sh (there is a space between the dot and the slash), or cd /opt/custom/etc/ and then . ./setup_env.sh (there is a space between the two dots)
2) . /opt/custom/bin/start_server serv1
The issues
Setting environment variables will not work as expected. Let's see what happens when we execute it.
1. Why is a space required between dot and slash, or between dot and dot?
If we execute /opt/custom/etc/setup_env.sh directly, it sets the environment variables only for the script itself (the subshell it is running in) and exits. No variables are set in the shell from which we executed the script.
But if we execute the script like this: ". /opt/custom/etc/setup_env.sh", it sets the environment variables in the current shell as well. That is why the space is required.
2. If we execute "sudo . /opt/custom/etc/setup_env.sh", sudo will complain "command not found". This is because "." (dot) means the current directory; sudo searches there for the command and obviously will not find it.
How to overcome this.
1. Append the application's environment variable paths to root's profile, and grant permission for the required commands in sudoers.
OR
2. If only a few commands need to be executed, create a script like this, then add the script to sudoers for that particular user.
cat /opt/custom/bin/start.sh
#!/usr/bin/sh
# Wrapper run through sudo: load the application environment, then start the instance.
echo "Please give the name of the instance to start: \c"
read INSTANCE
# This file is sourced as root, so keep setup_env.sh writable by root only.
. /opt/custom/etc/setup_env.sh #dot space :)
# Quoted so the typed name is passed as a single argument.
/opt/custom/bin/start_server "$INSTANCE"
OR
3. Update to the latest sudo, which has the -E option (sudo -E), so that it preserves the environment of the executing user (provided the executing user has the application environment set in their path).
The -E (preserve environment) option indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the -E option is specified and the user does not have permission to preserve the environment.
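The difference between executing and sourcing the environment script, plus an instance-name check for a wrapper that runs as root, as an added example that is not part of the original post. The temporary setup_env.sh and start_server stand-ins, APP_HOME, and the valid_instance rule are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed stand-ins for setup_env.sh and start_server, written to a
# temporary directory; APP_HOME and its value are hypothetical.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

cat > "$DEMO_DIR/setup_env.sh" <<'EOF'
APP_HOME=/opt/custom
export APP_HOME
EOF

cat > "$DEMO_DIR/start_server" <<'EOF'
#!/bin/sh
echo "start_server $1 APP_HOME=${APP_HOME:-unset}"
EOF
chmod +x "$DEMO_DIR/start_server"

# Executed: setup_env.sh runs in its own child shell, so its exports are
# gone before start_server is launched.
run_executed() {
    ( unset APP_HOME
      sh "$DEMO_DIR/setup_env.sh"
      "$DEMO_DIR/start_server" "$1" )
}

# Sourced (dot, space, path): the exports land in the calling shell and are
# inherited by start_server. This is what the wrapper script relies on.
run_sourced() {
    ( unset APP_HOME
      . "$DEMO_DIR/setup_env.sh"
      "$DEMO_DIR/start_server" "$1" )
}

# A wrapper run as root should accept only plain instance names
# (hypothetical rule: letters, digits, underscore, hyphen).
valid_instance() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

run_executed serv1    # start_server serv1 APP_HOME=unset
run_sourced serv1     # start_server serv1 APP_HOME=/opt/custom
valid_instance 'serv1; id' || echo "rejected instance name"
```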