Running unix shell script from remote java app

[mwmann]

Hi everyone,

My problem is, A have created a simple tool to run a shell scipt
located on a remote unix server via a ssh2 session (using ganymed-ssh2
library).

The output from this script when run from my java tool differs to the
output when the shell script is run directly on the server, some of the
output is not displayed, it seems so far that output generated in
functions contained in the shell script, or generated in loops in the
shell script are not displayed when run from my java tool.

As an attempted work around I created a wrapper sell script which was
suppossed to redirect the out put from the script into a tmp file, and
the java task read directly from that file- The strange thing is that,
I get the same problem, when I run the wrapper from unix, correct
output in tmp file is generated, when I run the warpper from my java
tool, not all output is generated in tmp file.

This seems like really strange behaviour to me, as anyone experienced
something like this before?

Basically the reason for the tool , is that we can not allow certain
junior employees to log onto client machines, however we need them to
be able to run certain scripts already located on the server. -


Any help or ideas would be greatly appreciated.

 

[Gordon Beaton]

I get the same problem, when I run the wrapper from unix, correct
output in tmp file is generated, when I run the warpper from my java
tool, not all output is generated in tmp file.

One or more of the commands in the script are testing whether they are
running in a terminal, and adjusting their output accordingly. This
isn't entirely uncommon behaviour. Perhaps there are flags to tell
them not to do so, or flags you can pass to your ssh library to force
it to create a psuedo-tty for the remote process.

/gordon

 

[hiwa]

mwmann ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸:

Hi everyone,

My problem is, A have created a simple tool to run a shell scipt
located on a remote unix server via a ssh2 session (using ganymed-ssh2
library).

The output from this script when run from my java tool differs to the
output when the shell script is run directly on the server, some of the
output is not displayed, it seems so far that output generated in
functions contained in the shell script, or generated in loops in the
shell script are not displayed when run from my java tool.

As an attempted work around I created a wrapper sell script which was
suppossed to redirect the out put from the script into a tmp file, and
the java task read directly from that file- The strange thing is that,
I get the same problem, when I run the wrapper from unix, correct
output in tmp file is generated, when I run the warpper from my java
tool, not all output is generated in tmp file.

This seems like really strange behaviour to me, as anyone experienced
something like this before?

Basically the reason for the tool , is that we can not allow certain
junior employees to log onto client machines, however we need them to
be able to run certain scripts already located on the server. -


Any help or ideas would be greatly appreciated.

when I run the warpper from my java tool

What Java tool is it? What bug does it have?
Post a small demo code that is generally compilable, runnable and could
reproduce your problem. See:
http://homepage1.nifty.com/algafield/sscce.html

 

[David Zimmerman]

Hi everyone,

My problem is, A have created a simple tool to run a shell scipt
located on a remote unix server via a ssh2 session (using ganymed-ssh2
library).

The output from this script when run from my java tool differs to the
output when the shell script is run directly on the server, some of the
output is not displayed, it seems so far that output generated in
functions contained in the shell script, or generated in loops in the
shell script are not displayed when run from my java tool.

Are you collecting stderr output? The difference may be missing stderr.

 

[Mark Space]

One or more of the commands in the script are testing whether they are
running in a terminal, and adjusting their output accordingly. This
isn't entirely uncommon behaviour. Perhaps there are flags to tell
them not to do so, or flags you can pass to your ssh library to force
it to create a psuedo-tty for the remote process.

/gordon

Probably the correct answer there by gordon.

Something else to consider: If all you are trying to do is to secure
your system against user access, just make new accounts for the junior
technicians on the machine in question. Give the accounts, like, no
privileges at all. Then write some wrapper scrips for the commands to
be executed, and drop the wrappers in a new directory like /bin/junior.
Give the newbie techs x access to /bin/junior and you're done.

Not automated, but secure. you might want to do this anyway, as the
java program you are writing could be a security hole too. You're just
kind of obfuscating the problem by using a program, not really closing
the hole. I mean someone could de-compile the Java program to get any
passwords or certificates you use inside, right?

 

[mwmann]

Probably the correct answer there by gordon.

Something else to consider: If all you are trying to do is to secure
your system against user access, just make new accounts for the junior
technicians on the machine in question. Give the accounts, like, no
privileges at all. Then write some wrapper scrips for the commands to
be executed, and drop the wrappers in a new directory like /bin/junior.
Give the newbie techs x access to /bin/junior and you're done.

Not automated, but secure. you might want to do this anyway, as the
java program you are writing could be a security hole too. You're just
kind of obfuscating the problem by using a program, not really closing
the hole. I mean someone could de-compile the Java program to get any
passwords or certificates you use inside, right?

Hey Guys

Thanks for the responses, unfortunately they have not guided me in
solving the problem.
Firstly, a bit of background:

The reason for the the java app is 2 fold, the unix box is a clients
machine, and we are not able to create or get them to create individual
user accounts, we have one (powerfull) user account for the company.

This particular app was built to basically run a script which generates
a report of errors, runtimes etc, of a clients overnight batch run.

So this java app will also be used to automatically schedule/generate
this report.


AFTER FUTHER INVESTIGATION:

The problem/reason for not all information been displayed is that no
unix environment variables are not been set up as they are when one
manually logs on.

The result is that the script output differs when running direcly from
unix sesion as opposed to running script via my java app because the
script is not looking in the correct places to get the required
information.

Now please bear in mind I am a java programmer not a unix techi, so my
unix knowledge is not to great, however I have changed the script to
force setting up environment by calling the relevant scripts - this
helps somewhat - but still have a strange problem.

The enviroment var eg $LOG_PATH is been set up correctly, I know this
because i added debug messages which echo this path. - however when the
script runs a ls or cat on files in this path, it is not using the
correct value for that Variable.

As a work around I can explictly set LOG_PATH = /app/ds/home/log, but
that means one would need to maintain this script should the environent
var paths change, which is a problem which adds unnedded overhead.

Not giving up on this, even if I have a work around- so any input would
still be appreciated

 

[Gordon Beaton]

The problem/reason for not all information been displayed is that no
unix environment variables are not been set up as they are when one
manually logs on.

Which makes this a Unix issue, not a Java issue (much less a Java
programming issue).

The shell on the remote machine handles interactive login sessions
different from non-interactive or non-login sessions, and sources
different files accordingly, which usually results in a different
environment. If the remote shell is bash, perhaps sourcing .bashrc
from .bash_profile will solve the problem, assuming your environment
settings are in .bashrc.

You can find out much more if you type "info bash" and look under
"bash features" then "bash startup files".

/gordon

 

[Martin Gregorie]

>
The reason for the the java app is 2 fold, the unix box is a clients
machine, and we are not able to create or get them to create individual
user accounts, we have one (powerfull) user account for the company.

This particular app was built to basically run a script which generates
a report of errors, runtimes etc, of a clients overnight batch run.

Why not automatically run the script, either as the final task in the
overnight run or later as a cron job, and have it e-mail you the report?

Making a script send e-mail is easy and by doing it that way you don't
have to worry about giving the juniors access to the client system OR
about them forgetting to create the report.

If you're worried about security, it should be easy enough to encrypt
the report and attach it to the e-mail.

So this java app will also be used to automatically schedule/generate
this report.

*nixes already have a scheduler (see above), so why reinvent that
particular wheel. You have a choice of scheduler: cron for jobs that
always run at the scheduled interval and "at", that a process can use to
schedule a following job.

 

[mwmann]

Thanks everyone for you help, after sitting down and fighting my was
through unix scripts and unix shell tutorials, - and a lot of input
from a co-worker (with plenty unix skillls) - The problem is solved.

The following lines were added to the ksh script which sets up
everything I needed. (Sorry. had to Add XXXXX for confidentiallity
purposes)


.. /etc/profile
XX_HOME=/app/xxx/product/2.6
XXXXXX_BASE=/app/xxxx
MMO_HOME=/app/xx/xxxx/2.6
.. ${XX_HOME}/bin/shell_profile
.. /app/xxxx/product/2.6/src/scripts/xxxenv prd ds
.. ${MMO_HOME}/bin/mmo-env


Martin: I have thought about scheduling the report to run automatically
- on batch completion), and as a cronjob- Client restriction will not
allow us to add a cron job.
The the java app will be used to run many scripts in the near future as
his responsibilities increase, not necessarily only the report, which
is why I dont want to just schedule it the batch, at certain times the
report may also be needed to run Ad-hoc.

Thanks again everyone.

Cheers
Mike