HPE Community
Operating System - HP-UX
1833869 Members
1640 Online
110063 Solutions
New Discussion

Need help with startup scripts that shouldnt be run as root?

 
SOLVED
Go to solution
RedLetter
Advisor

‎01-17-2003 07:45 AM

‎01-17-2003 07:45 AM

Need help with startup scripts that shouldnt be run as root?

We have a couple of startup scripts that shouldnt run as root. The scripts were developed using the "su" string, which seems to work great via command line, but is very unreliable during a system boot. This is an example of the string used in the start function of a startup script:
su - patrol -c "/opt/patrol/PATROL3.3/PatrolAgent" > /tmp/patrol.startup

I am sure there is more than one way to approach this requirement, does anyone know the best way?
Thanks,
Wondeful, never had it so good...
0 Kudos
Reply
7 REPLIES 7
Jochen Heuer
Respected Contributor

‎01-17-2003 07:47 AM

‎01-17-2003 07:47 AM

Solution

Re: Need help with startup scripts that shouldnt be run as root?

Hi,

maybe PatrolAgent requires STDIN to be attached to a typewriter? Try to redirect /dev/console to STDIN:

su - patrol -c "/opt/patrol/PATROL3.3/PatrolAgent" > /tmp/patrol.startup < /dev/console

Regards,

Jochen
Well, yeah ... I suppose there's no point in getting greedy, is there?
Reply
Ken Hubnik_2
Honored Contributor

‎01-17-2003 07:48 AM

‎01-17-2003 07:48 AM

Re: Need help with startup scripts that shouldnt be run as root?

This should work fine. What realiability issues are you having?
Reply
RedLetter
Advisor

‎01-17-2003 07:54 AM

‎01-17-2003 07:54 AM

Re: Need help with startup scripts that shouldnt be run as root?

Sometimes during the boot Patrol would starts as anticipated, other times it does not start. Nothing interesting in any logs except that the rc.log mentions "its not a typewriter".
Wondeful, never had it so good...
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎01-17-2003 07:57 AM

‎01-17-2003 07:57 AM

Re: Need help with startup scripts that shouldnt be run as root?

You fundamental problem is the
su - patrol -c .... as opposed to su patrol -c .... .
I know that you want to source patrol's .profile to set environment vars BUT that's your problem. There are almost certainly commands like tset and tabs which extect to be talking to a tty device (e.g. a terminal) which you now ain't.

The best way to do this is to create a file (e.g. /usr/local/bin/patrol_src.sh) that sets and exports these variables BUT does not contain an exit or return statement.

Now both patrol's .profile AND your rc script should source this same file via
. /usr/local/bin/patrol_src.sh

That way the vars are set in one place and you avoid the interactive command problems.

The other way to do this is use the "-" but surround all the interactive commands in .profile with
if [ -t 0 ]
then
stty ..
tset ..
fi

so that only in stdin is a tty device will the commands be executed.

I prefer the former method.
If it ain't broke, I can fix that.
Reply
Jochen Heuer
Respected Contributor

‎01-17-2003 07:58 AM

‎01-17-2003 07:58 AM

Re: Need help with startup scripts that shouldnt be run as root?

Hi,

another issue might be placement of the "-signs. Try

su - patrol -c "/opt/patrol/PATROL3.3/PatrolAgent /dev/console >/tmp/patrol.startup 2>&1"

The 2>&1 redirects STDERR also ...

Regards,

Jochen
Well, yeah ... I suppose there's no point in getting greedy, is there?
Reply
Chris Wilshaw
Honored Contributor

‎01-17-2003 08:02 AM

‎01-17-2003 08:02 AM

Re: Need help with startup scripts that shouldnt be run as root?

I also use Patrol (albeit an older version).

/sbin/init.d/patrol contains

PATH=/usr/sbin:/usr/bin:/sbin
export PATH
rval=0

set_return() {
x=$?
if [ $x -ne 0 ]; then
echo "EXIT CODE: $x"
rval=1 # script FAILed
fi
}

killproc() {
pid=`ps -e | awk '$NF~/'"$1"'/ {print $1}'`
if [ "X$pid" != "X" ]; then
if kill "$pid"; then
echo "$1 stopped"
else
rval=1
echo "Unable to stop $1"
fi
fi
}


case $1 in
'start_msg')
# Emit a _short_ message relating to running this script with
# the "start" argument; this message appears as part of the checklist.
echo "Starting Patrol"
;;

'stop_msg')
# Emit a _short_ message relating to running this script with
# the "stop" argument; this message appears as part of the checklist.
echo "Stopping Patrol"
;;

'start')

# source the system configuration variables
if [ -f /etc/rc.config ] ; then
. /etc/rc.config
else
echo "ERROR: /etc/rc.config defaults file MISSING"
fi

# Check to see if this script is allowed to run...
if [ "$START_PATROL" != 1 ]; then
rval=2
else

# Execute the commands to start your subsystem
/opt/patrol/3.2/startup_patrol.sh 2>&1
set_return
fi
;;

'stop')
# source the system configuration variables
if [ -f /etc/rc.config ] ; then
. /etc/rc.config
else
echo "ERROR: /etc/rc.config defaults file MISSING"
fi

# Check to see if this script is allowed to run...
if [ "$CONTROL_VARIABLE" != 1 ]; then
rval=2
else
# Execute the commands to stop your subsystem
echo "Ending Patrol"
fi
;;

*)
echo "usage: $0 {start|stop|start_msg|stop_msg}"
rval=1
;;
esac

exit $rval


The startup_patrol.sh script that is called contains

echo "Starting Patrol.."
cd /opt/patrol/3.2
echo "Starting Patrol" >> /tmp/patlog
date >> /tmp/patlog
nohup ./PatrolAgent >> /tmp/patlog 2>&1

Due to the config of the patrol installation on the boxes, the PatrolAgent process runs owned by the patrol ID.

On my installation, this is controlled by the scripts

~patrol/set_default_account.sh
~patrol/configure
Reply
RedLetter
Advisor

‎01-17-2003 08:36 AM

‎01-17-2003 08:36 AM

Re: Need help with startup scripts that shouldnt be run as root?

Thanks for all the help.. This saved me tons of work, trying to reinvent the wheel.
Wondeful, never had it so good...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.