Need some expert advice on running scripts.

We have a couple of scripts made for our environment (which is Oracle Virtualisation).

Each script is assigned a different task.
Some of the scripts are meant to run on a centralized server for monitoring other servers' resource utilization, such as CPU and storage.

While some are meant to run on Server for getting server specific jobs.

Almost all scripts run using root credentials.

For the script which takes output from other servers, I have used ssh passwordless login using rsa keygen generated for root.

I have the below queries regarding the environment.
1) Will it be a good idea to make an rpm out of those scripts and maintain version control?

2) How do I avoid root usage?
As the environment is built on xen virtual technology, most commands only run using root.

3) Is there any other way of doing it?

here you are:

1) Will it be a good idea to make an rpm out of those scripts and maintain version control?

  • yes - packaging and centralizing software development is always a good idea.
  • in your case, it only makes sense if the whole set of scripts will be deployed to all machines considered.
  • otherwise you will have to group your scripts into functional units, and each one of those will then be named a different 'rpm'.

2) How do I avoid root usage?

  • if you don't need to use O.S.-administrative commands (eg. `passwd'), then you have no need for root privileges ;
  • although you will have to make sure the proper access modes fit the effective UID selected to replace the root login ;

As the environment is built on xen virtual technology, most commands only run using root.

  • the choice of virtualization infrastructure does not seem to impose any restriction to your scenario.

3) Is there any other way of doing it?

  • this question requires elaboration ... but in any case remember the perl motto : "there's more than one way to do it" ;

HTH
_________________________________________
alexandre botao ( progsmith, polymath, ideator )
"comets never dodge".

Many resource utilization tools require at least read access to system files (like /dev/kmem) and as such must be run with root privileges.

It would probably be best to run the core script/program as an unprivileged user and escalate to root access only when it's needed (sudo is a great tool for this).

I get many permission denied errors as I have the below line in the script.

find / -name *.img*

How shall I add it in /etc/sudoer file so that I shall not be getting permission denied error?

general format of the sudoers file is something like:

For example:

  • if you got 'permission denied' messages while doing a
$ find / ...whatever...

as an unprivileged user - then your system is at least well-behaved (it would be a sad surprise otherwise) ...

  • when you descend all the way down from the top (that is - "/") , it's only natural that you stumble upon some unreadable directories ... that's the whole idea ;

  • if you really want to scan your entire system without the hassle, then you need to run this kind of `find' as root ;

  • and BTW - the sudoers file can only be of help to you if you set up your 'unprivileged' user to run `find' as root ;

HTH

good luck, and success !
_______________________________________
alexandre botao (progsmith, polymath, ideator)
"comets never dodge"

I'd avoid opening up /bin/find to execute as root from an unprivileged account. Find can, thru the --exec option, run other commands which will also be run as root.

Your best bet here is to create a script eg /usr/local/bin/find_img_files with 600 access and root owner:

#!/bin/sh
/usr/bin/find / -name "*.img" -type f -print

And allow only this script to be run as root by the "unpriv" user:

unpriv ALL=(root) NOPASSWD: /usr/local/bin/find_img_files
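The wrapper approach in the last reply is only as safe as the wrapper file: anyone who can modify or replace it gets to choose what runs as root. The following audit is an added example, not code from the thread. The function names `check_wrapper` and `_owner_only` are hypothetical, and the optional owner-UID argument is an assumption added so the check can be tried without root.

```shell
#!/bin/sh
# Audit a script that sudoers allows an unprivileged user to run as root.
# Usage: check_wrapper PATH [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Prints each finding; returns 0 when nothing was found, 1 otherwise.

# Succeeds when $1 is owned by uid $2 and is not writable by group or other.
_owner_only() {
    # ls -ldn prints "mode links uid gid ..."; -n keeps the uid numeric.
    set -- "$1" "$2" $(ls -ldn -- "$1" | awk '{print $1, $3}')
    case $3 in
        # 6th char of the mode string = group write, 9th = other write
        ?????w*|????????w*)
            echo "FAIL: $1 is group/other writable ($3)"; return 1 ;;
    esac
    [ "$4" = "$2" ] || { echo "FAIL: $1 owned by uid $4, expected $2"; return 1; }
}

check_wrapper() {
    path=$1 want=${2:-0} rc=0
    # A symlink could be pointed at a different program after the rule is written.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path must be a regular file, not a symlink"
        return 1
    fi
    _owner_only "$path" "$want" || rc=1
    # Whoever can write the directory can replace the file, whatever its mode.
    _owner_only "$(dirname -- "$path")" "$want" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}

# Run directly, e.g.: sh audit.sh /usr/local/bin/find_img_files
if [ $# -gt 0 ]; then
    check_wrapper "$@"
fi
```

Only the file and its immediate directory are inspected; directories further up the path are not walked.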