Share your knowledge at the LQ Wiki.
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 04-30-2008, 10:15 AM   #1
Registered: Apr 2008
Location: Cleveland, Ohio
Distribution: SuSE, CentOS, Fedora, Ubuntu
Posts: 106

Rep: Reputation: 23
Question Unexpected curly braces in expect script spawn command & bash suid problem


I'm trying to write an expect script that will login to a group of servers, and copy a specified local user's .ssh/ key to a remote host's .ssh/authorized_keys file.

I have a few problems with this script:

I want the script to be executable by the zabbix group, but I want the script to run as the zabbix user, so it can read ~zabbix/.ssh/

I set the script to SUID, but it still only runs as me. The only way I can get the script to see ~zabbix/.ssh is to sudo run the script.

-rwsrwsr-x 1 zabbix zabbix 760 2008-04-30 10:54
Here is the bash code that parses a file of hostnames, user names (root), and passwords:

#!/bin/bash -x
echo $MYHOME

echo -e "\nI am $me\n"

while read LINE
        if [ ${LINE:0:1} != '#' ]; then
                myhost=`echo "$LINE" | awk '{print $1}'`
                myuser=`echo "$LINE" | awk '{print $2}'`
                mypass=`echo "$LINE" | awk '{print $3}'`
                echo "host=$myhost, user=$myuser"

                echo -e "\nCopy .ssh/ to remote host\n"
                ./scplogin.exp ${myuser} ${mypass} ${myhost} ${MYHOME}/.ssh/ /tmp
                ./sshlogin.exp ${myuser} ${mypass} ${myhost} 'cat ~/.ssh/authorized_keys >> /tmp/'
                ./sshlogin.exp ${myuser} ${mypass} ${myhost} 'uniq /tmp/ > ~/.ssh/authorized_keys'
done < Zabbix-Host_and_Pass.txt
The Expect script contained in scplogin.exp:

#!/usr/bin/expect  --
#exp_internal 1
set user [lrange $argv 0 0]
set password [lrange $argv 1 1]
set ipaddr [lrange $argv 2 2]
set fromcopy [lrange $argv 3 3]
set tocopy [lrange $argv 4 4]

set timeout 30
spawn scp $fromcopy $user@$ipaddr:$tocopy
expect {
 { send -- "yes\r" }
 { send -- "$password\r" }

expect eof
The Expect script contained in sshlogin.exp:
#!/usr/bin/expect -f
set user [lrange $argv 0 0] 
set password [lrange $argv 1 1] 
set ipaddr [lrange $argv 2 2]   
set scriptname [lrange $argv 3 3] 
set arg1 [lrange $argv 4 4] 
set arg2 [lrange $argv 5 5] 
set arg3 [lrange $argv 6 6] 
set timeout -1   
# now connect to remote UNIX box (ipaddr) with given script to execute
#spawn ssh $user@$ipaddr $scriptname $arg1 $arg2 $arg3
spawn -noecho ssh $user@$ipaddr "$scriptname $arg1 $arg2 $arg3"
match_max 100000
expect {
 { send -- "yes\r" }
 { send -- "$password\r" }
# Look for passwod prompt
#expect "*?assword:*"
# Send password aka $password 
#send -- "$password\r"
# send blank line (\r) to make sure we get back to gui
send -- "\r"
expect eof
Now here is the partial output of the code (with -x option in bash).
Where are the extra curly braces { } surrounding my remote commands coming from?
Why am I unable to read the zabbix user's .ssh/ even when I run the script SUID as root?

+ ./scplogin.exp root <password> ta999 '~zabbix/.ssh/' /tmp
spawn scp ~zabbix/.ssh/ root@ta999:/tmp
root@ta999's password: 
~zabbix/.ssh/ No such file or directory
+ ./sshlogin.exp root <password> ta999 'cat ~/.ssh/authorized_keys >> /tmp/'
root@ta999's password: 
bash: line 1: {cat: command not found
+ ./sshlogin.exp root <password> ta999 'uniq /tmp/ > ~/.ssh/authorized_keys'
root@ta999's password: 
bash: line 1: {uniq: command not found
I need to surround the arguments to sshlogin.exp with ticks to prevent the local shell from expanding variables that should be expanded on the remote host.

Thanks for your help!
Old 05-02-2008, 01:47 PM   #2
Senior Member
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Rep: Reputation: Disabled
Scripts never run under suid/sgid for security reasons. It's compiled into the kernel that way. As far as the { problem, you need to put a space after each one so that the shell doesn't take it as part of the command name. You should also precede each } with ; and a space to separate it from the end of the command.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
bash script--variables have unexpected values on invoking mplayer stairwayoflight Programming 5 07-08-2007 11:17 AM
can expect be called from within a bash script? johnpaulodonnell Programming 4 06-21-2007 09:42 AM
expect -c "spawn ls" Problem ravi.xolve Linux From Scratch 1 05-07-2007 11:10 AM
Combined bash and expect script Paul77 Linux - Software 11 03-08-2007 09:17 AM
CGI script problem: Send/Expect command echo on webpage rajatgarg Programming 2 07-11-2004 04:38 PM > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 09:01 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration