Bash script - ENV Variable context problem using su

jcdole · November 3, 2013, 1:08pm

Hello
I have found some piece of code to verify and then run shell script with root permission from normal user.
see : http://blog.mecworks.com/articles/2006/02/23/bash-scripting-tip-running-a-script-as-root
I have wrote two scripts using this tips.

one to copy file from server to local computer ( files_copy_from_server.sh )
and this program is started by using another script ( files_copy_from_server_launcher.sh)
one to copy file to server from local computer ( files_copy_to_server.sh )
and this program is started by using another script ( files_copy_to_server_launcher.sh)

The first one run perfectly.

user@asus:~> /home/user/bin/files_copy_from_server_launcher
CMD   : /home/user/bin/files_copy_from_server
PARAM : /root/bin/mysql* /home/user/
Please enter root's password.
Password: 
MAIN - there are  2 parametres
MAIN - PARAM0 : /home/juser/bin/files_copy_from_server
MAIN - PARAM1 : /root/bin/mysql*
MAIN - PARAM2 : /home/user/
COMMAND : pscp -v -2 -P 12345 -i /root/.ssh/my-key.ppk -l root   root@192.168.123.123:/root/bin/mysql*   /home/user/
Server version: SSH-2.0-OpenSSH_6.1
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 db:dc:dd:de:df:1a:1b:1c:1d:1e:c0:c1:c2:c3:c4:c5
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Reading private key file "/root/.ssh/my-key.ppk"
Pageant is running. Requesting keys.
Pageant has 0 SSH-2 keys
Configured key file not in Pageant
Using username "root".
Offered public key
Offer of public key accepted
Authenticating with public key "imported-openssh-key"
Sent public key signature
Access granted
Opened channel for session
Started a shell/command
Using SFTP
Connected to 192.168.123.123

mysql_04_make-mysql-from- | 0 kB |   0.9 kB/s | ETA: 00:00:00 | 100%
mysql_install_db_mysql_si | 2 kB |   2.5 kB/s | ETA: 00:00:00 | 100%
mysql_remove_suse_mysql_a | 1 kB |   1.4 kB/s | ETA: 00:00:00 | 100%
mysql_create_users_mysql  | 2 kB |   2.6 kB/s | ETA: 00:00:00 | 100%
mysql_create_dir_mysql    | 2 kB |   2.3 kB/s | ETA: 00:00:00 | 100%
mysql_remove_oracle_mysql | 1 kB |   1.8 kB/s | ETA: 00:00:00 | 100%
mysql_01_install_mysql_ed | 1 kB |   1.5 kB/s | ETA: 00:00:00 | 100%
mysql_remove_oracle_mysql | 1 kB |   1.4 kB/s | ETA: 00:00:00 | 100%
mysql_install_mysql_softw | 2 kB |   2.9 kB/s | ETA: 00:00:00 | 100%
mysql_create_mysql_config | 4 kB |   4.9 kB/s | ETA: 00:00:00 | 100%
mysql_full_install_mysql  | 3 kB |   3.2 kB/s | ETA: 00:00:00 | 100%
mysql_03_my_function      | 4 kB |   4.7 kB/s | ETA: 00:00:00 | 100%
mysql_remove_mariadb___   | 1 kB |   1.6 kB/s | ETA: 00:00:00 | 100%
mysql_create_mysql_config | 3 kB |   3.5 kB/s | ETA: 00:00:00 | 100%
mysql_install_db_mysql_mu | 2 kB |   2.2 kB/s | ETA: 00:00:00 | 100%
mysql_remove_suse_mysql__ | 1 kB |   1.6 kB/s | ETA: 00:00:00 | 100%
mysql_remove_mariadb_and_ | 1 kB |   1.4 kB/s | ETA: 00:00:00 | 100%
mysql_02_install_oracle_m | 6 kB |   6.9 kB/s | ETA: 00:00:00 | 100%
Sent EOF message
Server sent command exit status 0
Disconnected: All channels closed
user@asus:~>

The second one failed because variables are not set correctly :

user@asus:~> /home/user/bin/files_copy_to_server_launcher
CMD   : /home/user/bin/files_copy_to_server
PARAM : /home/user/bin/files_copy* /root/bin/
Please enter root's password.
Password: 
MAIN - il y a 6 parametres
MAIN - PARAM0 : /home/user/bin/files_copy_to_server  - correct
MAIN - PARAM1 : /home/user/bin/files_copy_from_server - should be "/home/user/bin/files_copy*"
MAIN - PARAM2 : /home/user/bin/files_copy_from_server_launcher - should be "/root/bin/"
MAIN - PARAM3 : /home/user/bin/files_copy_to_server - should not exists
MAIN - PARAM4 : /home/user/bin/files_copy_to_server.1 - should not exists
MAIN - PARAM5 : /home/user/bin/files_copy_to_server_launcher - should not exists
USAGE : /home/user/bin/files_copy_to_server  local_source_file  server_file_dest
user@asus:~>

Any help is welcome

Chubler_XL · November 3, 2013, 4:33pm

The exec su line is expanding your arguments. You could define CMDLN_ARGS like this:

CMDLN_ARGS="\"$@\"" # Command line arguments for this script

jcdole · November 5, 2013, 12:48pm

Does not help.

I have made some change. As the two executing jobs programs are very similar, I have made one program for the two task. So I am passing 3 arguments as I have added the copy direction ( "from" or "to" ).

So I am using now an unique program. And I get the same problem.

here is the command in the first launcher files_copy_from_server_launcher :

/home/user/bin/files_copy_server  "from"  "/root/bin/mysql*"  "/home/user/"

here is the command in the second launcher files_copy_to_server_launcher :

/home/user/bin/files_copy_server  "to" "/home/user/bin/files_copy*" "/root/bin/"

The first one run correctly.;
Here part of screen logs:

CMDLN_ARGS_2 : Note : is blank in entry
CMD   : /home/user/bin/files_copy_server
PARAM : "from /root/bin/mysql* /home/user/"
Please enter root's password.
Password:
CMDLN_ARGS_2 : "from /root/bin/mysql* /home/user/" Note : is not blank because of the recursive call
Reading exec parameter
$ 1 : from /root/bin/mysql* /home/user/ this is  given by  "echo $1"
$ 1 : from /root/bin/mysql* /home/user/ this is  given by "echo "$1
$ { 1 } : from /root/bin/mysql* /home/user/ this is  given by  "echo ${1}"
$ { 1 } : from /root/bin/mysql* /home/user/ this is  given by  "echo "{$1}
MAIN - il y a 3 parametres
MAIN - PARAM0 : /home/user/bin/files_copy_server
MAIN - PARAM1 : from
MAIN - PARAM2 : /root/bin/mysql*
MAIN - PARAM3 : /home/user/

The second launcher run badly.;
Here part of screen logs; Note the important info for the following are in bold :

CMDLN_ARGS_2 : Note : is blank in entry
CMD   : /home/user/bin/files_copy_server
PARAM : "to   /home/user/bin/files_copy*   /root/bin/"
Please enter root's password.
Password:
CMDLN_ARGS_2 : "to    /home/jcdole/bin/files_copy*  /root/bin/" Note : is not blank because of the recursive call
Reading exec parameter
$ 1     : to /home/user/bin/files_copy* /root/bin/ this is  given by  "echo $1"
$ 1     : to /home/user/bin/files_copy_from_server /home/user/bin/files_copy_from_server.1 /home/user/bin/files_copy_from_server_launcher /home/user/bin/files_copy_from_server_launcher.1 /home/user/bin/files_copy_from_server_launcher.2 /home/user/bin/files_copy_from_server_launcher.3 /home/user/bin/files_copy_from_server_launcher.4 /home/user/bin/files_copy_server /home/user/bin/files_copy_server.1 /home/user/bin/files_copy_server.2 /home/user/bin/files_copy_server.3 /home/user/bin/files_copy_server.4 /home/user/bin/files_copy_to_server /home/user/bin/files_copy_to_server.1 /home/user/bin/files_copy_to_server.2 /home/user/bin/files_copy_to_server.3 /home/user/bin/files_copy_to_server.4 /home/user/bin/files_copy_to_server.5 /home/user/bin/files_copy_to_server_launcher /home/user/bin/files_copy_to_server_launcher.2 /home/user/bin/files_copy_to_server_launcher.3 /home/user/bin/files_copy_to_server_launcher.4 /root/bin/ this is bad
this is  given by "echo "$1
$ { 1 } : to /home/user/bin/files_copy* /root/bin/ this is  given by  "echo ${1}"
$ { 1 } : to /home/user/bin/files_copy_from_server /home/user/bin/files_copy_from_server.1 /home/user/bin/files_copy_from_server_launcher /home/user/bin/files_copy_from_server_launcher.1 /home/user/bin/files_copy_from_server_launcher.2 /home/user/bin/files_copy_from_server_launcher.3 /home/user/bin/files_copy_from_server_launcher.4 /home/user/bin/files_copy_server /home/user/bin/files_copy_server.1 /home/user/bin/files_copy_server.2 /home/user/bin/files_copy_server.3 /home/user/bin/files_copy_server.4 /home/user/bin/files_copy_to_server /home/user/bin/files_copy_to_server.1 /home/user/bin/files_copy_to_server.2 /home/user/bin/files_copy_to_server.3 /home/user/bin/files_copy_to_server.4 /home/user/bin/files_copy_to_server.5 /home/user/bin/files_copy_to_server_launcher /home/user/bin/files_copy_to_server_launcher.2 /home/user/bin/files_copy_to_server_launcher.3 /home/user/bin/files_copy_to_server_launcher.4 /root/bin/this is bad
this is  given by "echo "${1}
MAIN - il y a 24 parametres  this is bad
MAIN - PARAM0 : /home/user/bin/files_copy_server
MAIN - PARAM1 : to
MAIN - PARAM2 : /home/user/bin/files_copy_from_server this is bad
MAIN - PARAM3 : /home/user/bin/files_copy_from_server.1 this is bad

the program extract parameter in this loop :

for PARAM in $1 ; do
    case $MY_COUNT in
        0)
            DIRECTION=$PARAM
            ;;
        1)
            SOURCE=$PARAM
            ;;
        2)
            DESTINATION=$PARAM
            ;;
    esac
    ((MY_COUNT += 1 ))
done

As $1 is badly interpreted the program miss-function.

But why only in the second case in use. ?

Any help is welcome

Chubler_XL · November 5, 2013, 3:15pm

I suspect su -c is expanding the command line have you tried:

exec su "$0" "$CMDLN_ARGS"

Also try set -x in your scripts to assist you with debugging

jcdole · November 6, 2013, 1:29pm

I will try it and give you news as soon as possible.

But Why this piece of code is running halfway ?

Chubler_XL · November 6, 2013, 3:55pm

I suspect that /root/bin/mysql* currently doesn't match any files so the shell is leaving it unexpanded whereas /home/user/bin/files_copy* does match files.

jcdole · November 11, 2013, 5:19pm

Yes that's the reason.
Got it to work with the use of : set -f before the expansion of CMDLN_ARGS

set -f
for PARAM in $1 ; 
do     case $MY_COUNT in         
0)             DIRECTION=$PARAM             ;;         
1)             SOURCE=$PARAM             ;;         
2)             DESTINATION=$PARAM             ;;     
esac     ((MY_COUNT += 1 )) done
set +f