for changing the umask setting , i had created the puppet script which insert the line "umask 0027" in the file "/etc/profile" , but it doesn't show the umask value as 0027, when we echo the umask. but when we relogin then it show the value 0027. so it take effect only after relogin.
but we want the immediate effect of the change without relogin , so we added one more line to my puppet script as "source /etc/profile" but it doesnot work and gave the error as below
'source /etc/profile' is not qualified and no path was specified. Please qualify the command or specify a path.
Could somebody help me on this issue ?
my puppet file looks like below
exec {"modify-umask-entry":
command => "sed -i 's/umask [0-9]\{3,\}/umask 027/g' /etc/profile",
path => "/bin:/usr/bin/",
}
exec { "/bin/echo 'umask 027' >> '/etc/profile'":
unless => "/bin/grep -Fx 'umask[\t][0-9]{3}' '/etc/profile'",
# onlyif => "/bin/grep -i 'umask[ \t][0-9]{3}' /etc/profile | wc -w",
}
exec {"seeting_new_umask":
command => "source /etc/profile",
}
Related
I am aware that we can specify the option -e during the run command to set environment variables in a docker. This only sets the PATH for the root user. Let us say if I have another user called admin and want to set the environment variables for that user as well, how can I achieve that?
This is the command I tried to set environment variables.
docker run -t -d -v /usr/hdp:/usr/hdp -v /usr/lib/jvm/:/usr/lib/jvm/ -e JAVA_HOME="${java_home}" -e HADOOP_HOME="${hadoop_home}" -e PATH=$PATH:$JAVA_HOME/bin -e PATH=$PATH:$HADOOP_HOME/bin gtimage
This only sets the PATH under root user but not for my admin user which a software that I installed during docker build has created.
I don't have a perfect solution for my question above but I tried something like below to login as user and set environment variables for that user. I don't recommend the below way unless you could not find a solution for your problem. Please let me know if you find a better approach than this
docker exec $containervalue bash -c 'env | grep PATH >> temp && chmod 775 temp && mv temp /opt/nagios'
docker exec --user ngadmin $containervalue bash -c 'cat ~/temp >> ~/.bashrc && source ~/.bashrc'
I am creating a group named jboss in puppet and then using exec to run a sed command to make some changes in /etc/group file afterwards.
The problem is that the exec command is running before the group command.
My Yaml file
group { 'jboss':
ensure => 'present',
gid => "501",
}
exec { "modify etc_group":
command => "/bin/sed -i -e '<regex>' /etc/group",
path => "/bin:/usr/bin",
unless => "<condition>",
}
Puppet run output
notice: /Stage[main]/App::Misc/Exec[modify etc_group]/returns: current_value notrun, should be 0 (noop)
notice: /Stage[main]/App::Misc/Group[jboss]/ensure: current_value absent, should be present (noop)
How to make sure that the exec runs after the group command?
Simply just define relationship between group and exec.
E.g:
exec { "modify etc_group":
command => "/bin/sed -i -e '<regex>' /etc/group",
path => "/bin:/usr/bin",
unless => "<condition>",
require => Group['jboss'],
}
More about relationships in puppet here.
I have this script:
#!/bin/bash
VAR="eric.sql"
sudo mysqldump -c -u username -p1234 dbname > $VAR
But if i run this script I get this error:
: Protocol error 3: mysql-export.sh: cannot create eric.sql
But if I don't use the variable, but just this:
#!/bin/bash
VAR="eric.sql"
sudo mysqldump -c -u username -p1234 dbname > eric.sql
... it is working well. What do I wrong?
The problem was that the script had Windows style line breaks (I used notepad). After I used Nano the write the script it was solved.
Thanks for the answers!
sudo can change $PATH variable, depend on your security policy.
-E The -E (preserve environment) option will override the env_reset
option in sudoers(5)). It is only available when either the match-
ing command has the SETENV tag or the setenv option is set in sudo-
ers(5).
You could add the full path of the file, or remove sudo in that script.
This should also work:
sudo PATH="$PATH" mysqldump -c -u username -p1234 dbname > $VAR
How can I check if a specific user with no shell assigned can write or read a file ?
As an example we can use apache user... is there any option in touch or any other commands?
Thanks
The "test" command is designed for this use case.
sudo -u otheruser test -r /path/to/file
will return 0 if otheruser can read the file, or 1 if otheruser cannot read the file. You can run test -r /path/to/file; echo "$?" to view the return code of the test command.
Use test -w to test for write permission and test -x to test for execute permission.
Test Read Permission
Attempt to read the beginning of the file and discard the normal output. You can then look for an empty string (success) or a "Permission denied" message (you can also check for other error messages such as "No such file or directory"). For example:
head -1 /path/to/file 2>&1 > /dev/null | grep 'Permission denied'
Test Write Permission
Use the touch command with the -c (--no-create) option. Combine stdout and stderr and again search for an empty string (success) or an error:
touch -c /path/to/file 2>&1 | grep 'Permission denied'
If you're explicitly testing write access of a directory, be sure to test the directory and not a file contained within, since with the -c option, there's no error condition if the file doesn't exist even in a directory you don't have write access to:
From Wikipedia: touch (Unix)
-c, if the file does not exist, do not create it and do not report this condition
Test As Specific User
The final piece of the puzzle is how to check this as a different user. As root execute the test command as the desired user with "sudo -u [username] [command]" so using your suggested user:
sudo -u apache touch -c /path/to/file 2>&1
Let's say I want to run some command as system user (no shell):
su -s /bin/bash -c "some_command $TEST" my_system_user
How di I pass $TEST variable to user?
I have the variable configured for all users in /etc/profile.d/my_vars.sh
export TEST=test_arg
But that doesn't get loaded for the above scenario...
I have tried with no luck:
-m (--preserve-environment)
First, I tried to create such a file as /etc/profile.d/my_vars.sh and I put a test variable in the file. I can see the value of the variable, no matter I run command as whoever. I've also tried to set a variable on-the-fly with the following code, it works on my centos:
unset A_VAR; export A_VAR=foo
su -s /bin/bash -c "echo val=$A_VAR" my_system_user
> val=foo
unset A_VAR
An alternative solution if it does not work for you, you can consider of playing a ssh trick.
unset A_VAR; export A_VAR=foo
ssh -o SendEnv my_system_user#localhost "echo val=$A_VAR"
> val=foo
unset A_VAR
That's weird. It seems to work for me. I can do:
$ export TEST="hello"
$ su -s /bin/bash -c "echo $TEST"
password:
hello
...I guess I'm missing something about the question.