FK1
Lapis Lazuli | Level 10

Hello Everyone,

 

I want to execute multiple OS commands out of my EG Session, using the OS root-User. Having found this wonderful Filename pipe  approach, I generated this code:

 

 

    %LET l_rm_cmd = %nrbquote(%str(sudo su -; whoami ; rm -f /home/enp2sas/mh.w.jum0080.01 /home/enp2sas/ok.jum0080.01;echo STATUS=$?;));
    %PUT &=l_rm_cmd;

    /* Run the command string through a pipe and read its output */
    filename oscmd pipe "&l_rm_cmd ";
    %let SYSRC=0;
    %put INFO: &=SYSRC;

    data _null_;
      infile oscmd;
      input @;
      put _infile_;
      /* Pick up the exit status echoed by the last command */
      if _infile_ eq: 'STATUS' then do;
        input status=;
        putlog 'INFO: ' status=;
        call symputx('SYSRC',status);
      end;
    run;

    %put INFO: &=SYSRC;

 

 

This is the corresponding Log:

NOTE: The infile OSCMD is:
      Pipe command="sudo su -; whoami ; rm -f /home/enp2sas/mh.w.jum0080.01 /home/enp2sas/ok.jum0080.01;echo STATUS=$?; "

[YOU HAVE NEW MAIL]

sas
rm: 0653-609 Cannot remove /home/enp2sas/mh.w.jum0080.01.
The file access permissions do not allow the specified action.
rm: 0653-609 Cannot remove /home/enp2sas/ok.jum0080.01.
The file access permissions do not allow the specified action.
STATUS=2
INFO: status=2

 

In the "background" my EG Userprofile is "mapped" to the OS user "sas", therefore, the Log of this code shows me as a result of the OS "whoami" command that the OS commands are executed with the User "sas". I was expecting "root" however, as my first command is "sudo su -".

 

Are these chained commands executed in multiple (KORN) shells, so that the second OS command (i.e. "whoami") is being executed in a different shell, than the "sudo su -" command in front of it?

 

The reason, why I need to change, is exactly the two error messages of the "rm" command, as the "sas" User does not have the necessary privileges to remove the two files.

 

What confuses me even more is, that the execution of these commands directly in a shell with the User "sas" is working fine, without any errors.

 

Can someone explain to me what the difference is between executing OS commands from within EG versus directly in a shell?

Why is it not possible to sudo su to root from within an EG session?

 

FK1
Lapis Lazuli | Level 10

@Kurt_Bremser :

    sas      ALL=(ALL) NOPASSWD:ALL

Kurt_Bremser
Super User
Accepted solution

I see what happens.

    sudo su -

starts a new shell which would wait for input, but since the input stream is not present, it immediately terminates, which also terminates the sudo. After that, the original shell takes over and executes the following commands.

To do a series of commands as another user, you need to hand those over as a single string like shown here: https://www.cyberciti.biz/faq/how-to-run-multiple-commands-in-sudo-under-linux-or-unix/ 

 

Your sudo setup is EXTREMELY DANGEROUS, and in any safety-conscious organisation this would get you fired. Not just fired from, but fired at.

Not only do you effectively make sas a root user, but on top (since this seems to be a shared userid), anybody can do anything to your server.

Always create a specific script for a specific task, and let the user elevate his permissions for explicitly that script only. Otherwise someone will run

    sudo -u root -c "rm -rf /*"

from SAS, and you can kiss your server goodbye. And as a consequence, your professional behind also.
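
The "specific script for a specific task" advice, sketched as an added example that is not part of the original thread: a root-owned wrapper that removes only the two files from the question, with a sudoers rule that permits just that script. The install path `/usr/local/sbin/cleanup_jum0080.sh`, the script name and the function `remove_flags` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path:
#   /usr/local/sbin/cleanup_jum0080.sh  (owner root, mode 0755, not writable by sas)
#
# sudoers rule quoted in the thread (any command, as any user, no password):
#   sas ALL=(ALL) NOPASSWD:ALL
# Scoped replacement, edited with visudo: this one script, as root, no arguments:
#   sas ALL=(root) NOPASSWD: /usr/local/sbin/cleanup_jum0080.sh ""
#
# SAS pipe command: sudo -n /usr/local/sbin/cleanup_jum0080.sh; echo STATUS=$?

# The only file names this script will ever touch (taken from the question).
FLAG_FILES="mh.w.jum0080.01 ok.jum0080.01"

# remove_flags DIR: delete the fixed flag files in DIR and nothing else.
# Returns 0 when every flag file is gone afterwards, 1 otherwise.
remove_flags() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;                                   # absolute paths only
        *)  echo "refusing relative directory: $dir" >&2; return 1 ;;
    esac
    for name in $FLAG_FILES; do
        target=$dir/$name
        if [ -d "$target" ] && [ ! -L "$target" ]; then
            echo "refusing to remove directory: $target" >&2
            rc=1
            continue
        fi
        rm -f -- "$target" || rc=1
        # -e follows symlinks, -L also catches a dangling one left behind
        if [ -e "$target" ] || [ -L "$target" ]; then rc=1; fi
    done
    return $rc
}

# Run the real cleanup only when installed under the expected name. The
# targets are hard-coded, so the caller cannot choose what root deletes.
case ${0##*/} in
    cleanup_jum0080.sh)
        PATH=/usr/bin:/bin; export PATH          # do not trust the caller's PATH
        remove_flags /home/enp2sas
        exit $? ;;
esac
```

With the scoped rule in place, `sudo -l` run as `sas` lists only this script, and the `STATUS=` line parsed by the data step carries the script's exit code.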

FK1
Lapis Lazuli | Level 10

@Kurt_Bremser :

Kurt, I really like the way you put terrible information into nicely wrapped sentences!

I will inform our server admin of this setup, so he can develop a solution, in order for him not to get his "professional behind" kissed goodbye 🙂

 

Purely technically speaking, though, it works fine 🙂 Thank you for the link!

 

 
