04-30-2008, 10:15 AM   #1
slinx
Unexpected curly braces in expect script spawn command & bash suid problem


Hello,

I'm trying to write an expect script that will log in to a group of servers and copy a specified local user's .ssh/id_dsa.pub key to a remote host's .ssh/authorized_keys file.

I have a few problems with this script:

I want the script to be executable by the zabbix group, but I want the script to run as the zabbix user, so it can read ~zabbix/.ssh/id_dsa.pub

I set the script to SUID, but it still only runs as me. The only way I can get the script to see ~zabbix/.ssh is to sudo run the script.

Code:
-rwsrwsr-x 1 zabbix zabbix 760 2008-04-30 10:54 install_authorized_key.sh

Here is the bash code that parses a file of hostnames, user names (root), and passwords:

Code:
#!/bin/bash -x
me=zabbix
MYHOME=~${me}
echo $MYHOME

echo -e "\nI am $me\n"

while read LINE
do
        if [ ${LINE:0:1} != '#' ]; then
                myhost=`echo "$LINE" | awk '{print $1}'`
                myuser=`echo "$LINE" | awk '{print $2}'`
                mypass=`echo "$LINE" | awk '{print $3}'`
                echo "host=$myhost, user=$myuser"

                echo -e "\nCopy .ssh/id_dsa.pub to remote host\n"
                ./scplogin.exp ${myuser} ${mypass} ${myhost} ${MYHOME}/.ssh/id_dsa.pub /tmp
                ./sshlogin.exp ${myuser} ${mypass} ${myhost} 'cat ~/.ssh/authorized_keys >> /tmp/id_dsa.pub'
                ./sshlogin.exp ${myuser} ${mypass} ${myhost} 'uniq /tmp/id_dsa.pub > ~/.ssh/authorized_keys'
        fi
done < Zabbix-Host_and_Pass.txt

The Expect script contained in scplogin.exp:

Code:
#!/usr/bin/expect  --
#exp_internal 1
set user [lrange $argv 0 0]
set password [lrange $argv 1 1]
set ipaddr [lrange $argv 2 2]
set fromcopy [lrange $argv 3 3]
set tocopy [lrange $argv 4 4]

set timeout 30
spawn scp $fromcopy $user@$ipaddr:$tocopy
expect {
 "*yes/no*"
 { send -- "yes\r" }
 "*?assword:*"
 { send -- "$password\r" }
}

expect eof

The Expect script contained in sshlogin.exp:

Code:
#!/usr/bin/expect -f
set user [lrange $argv 0 0] 
set password [lrange $argv 1 1] 
set ipaddr [lrange $argv 2 2]   
set scriptname [lrange $argv 3 3] 
set arg1 [lrange $argv 4 4] 
set arg2 [lrange $argv 5 5] 
set arg3 [lrange $argv 6 6] 
set timeout -1   
# now connect to remote UNIX box (ipaddr) with given script to execute
#spawn ssh $user@$ipaddr $scriptname $arg1 $arg2 $arg3
spawn -noecho ssh $user@$ipaddr "$scriptname $arg1 $arg2 $arg3"
match_max 100000
expect {
 "*yes/no*"
 { send -- "yes\r" }
 "*?assword:*"
 { send -- "$password\r" }
}
# Look for password prompt
#expect "*?assword:*"
# Send password aka $password 
#send -- "$password\r"
# send blank line (\r) to make sure we get back to gui
send -- "\r"
expect eof

Now here is the partial output of the code (with -x option in bash).
Where are the extra curly braces { } surrounding my remote commands coming from?
Why am I unable to read the zabbix user's .ssh/id_dsa.pub even when I run the script SUID as root?

Code:
+ ./scplogin.exp root <password> ta999 '~zabbix/.ssh/id_dsa.pub' /tmp
spawn scp ~zabbix/.ssh/id_dsa.pub root@ta999:/tmp
root@ta999's password: 
~zabbix/.ssh/id_dsa.pub: No such file or directory
+ ./sshlogin.exp root <password> ta999 'cat ~/.ssh/authorized_keys >> /tmp/id_dsa.pub'
root@ta999's password: 
bash: line 1: {cat: command not found
+ ./sshlogin.exp root <password> ta999 'uniq /tmp/id_dsa.pub > ~/.ssh/authorized_keys'
root@ta999's password: 
bash: line 1: {uniq: command not found

I need to surround the arguments to sshlogin.exp with ticks to prevent the local shell from expanding variables that should be expanded on the remote host.

Thanks for your help!
 
05-02-2008, 01:47 PM   #2
ta0kira
Scripts never run under suid/sgid for security reasons. It's compiled into the kernel that way. As far as the { problem, you need to put a space after each one so that the shell doesn't take it as part of the command name. You should also precede each } with ; and a space to separate it from the end of the command.
ta0kira
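
The set-user-ID point in the reply above, as an added example that is not part of the original thread: on Linux the kernel ignores the set-user-ID and set-group-ID bits on interpreted (`#!`) files, so a mode like the `-rwsrwsr-x` in post #1 grants nothing and leaves a group-writable file that looks privileged. The function names and result strings below are hypothetical; the script reports such files so the bits and extra write access can be removed.

```shell
#!/bin/sh
# Added example (not from the thread): report interpreted scripts that carry
# set-user-ID / set-group-ID bits, which the Linux kernel ignores for "#!" files.
# Function names and result strings are hypothetical.

# is_script FILE: true when FILE starts with the two bytes "#!" (0x23 0x21).
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "2321" ]
}

# mode_has FILE FIND-EXPR...: true when the regular file FILE matches the find(1) test.
mode_has() {
    _file=$1; shift
    [ -n "$(find "$_file" -prune -type f "$@" -print 2>/dev/null)" ]
}

# audit_script FILE: print "not-a-script", "ok", or a comma-separated finding list.
audit_script() {
    is_script "$1" || { echo "not-a-script"; return 0; }
    _findings=""
    # The bit has no effect on a script; it only misleads readers of ls -l.
    if mode_has "$1" \( -perm -4000 -o -perm -2000 \); then
        _findings="setid-bit-ignored"
    fi
    # Anyone with write access can change what a privileged caller (sudo) runs.
    if mode_has "$1" \( -perm -0020 -o -perm -0002 \); then
        _findings="${_findings:+$_findings,}group-or-world-writable"
    fi
    echo "${_findings:-ok}"
}

# Stand-alone use: audit every path given on the command line.
if [ "$#" -gt 0 ]; then
    for _path in "$@"; do
        printf '%s\t%s\n' "$(audit_script "$_path")" "$_path"
    done
fi
```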
 
  

