× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2024

RE: Modify a script to allow any user to run the command

Thank you very much Rob. Will do some more research on your suggestion.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Friday, April 5, 2024 5:03 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Modify a script to allow any user to run the command

External eMail: Do not open attachments or click on links unless you expected to receive them from a trusted sender.


I am not a script person. But the general concept of most IBM i type stuff, especially when dealing with IFS stuff, is to use the profile switch APIs. Basically you call one of the APIs at the following to switch to a profile who has the necessary authority. When completed, you call another API to switch back. Now if "any user" does not have authority to this other profile (it's likely they do not) then you you need to call this script from something which "adopts" authority. So you have both adopted authority and a profile switch. Just using adopted authority without profile switching is not effective when dealing with the IFS.

Need more details?

https://urldefense.com/v3/__https://www.ibm.com/docs/en/i/7.5?topic=programs-example-using-profile-handles__;!!Fat92My4sJ5u0kQe!0TReSD6I4x_zz-hrNT7aqwCn1jV9w5jKVD2TjeD5_45NZvFwyNvjr80h0T8k7TldynbsnOPXC0KueJewyNmQ8pc36LRmuk2y$

On Thu, Apr 4, 2024 at 2:36 PM Reggie Monroe via MIDRANGE-L < midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

Hi,
We would like to modify this script/job. We would like to for
anyuser/ID/person to be able to run the command START_AGENT_CMD. We
have tried modifying but I have not been successful yet. Would anyone
happen to have an idea on what needs to be changed? Thank you.


#!/bin/sh
#
# tebctl Start up the Common Platform Agent # # chkconfig: 2345 99 01
# description: Common Platform Agent # # processname: agent

### BEGIN INIT INFO
# Provides: tebctl-tws_cpa_agent_qmaestro2 # Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Common Platform Agent tebctl-tws_cpa_agent_qmaestro2
# Description: IBM Tivoli Endpoint Management Infrastructure agent
tebctl-tws_cpa_agent_qmaestro2
### END INIT INFO

# Copyright (c) 2009 IBM
# All rights reserved.

PATH=/sbin:/usr/sbin:/usr/bin:$PATH
export PATH
OSName=`uname`

case $OSName in
SunOS)
PATH=/usr/xpg4/bin:$PATH
export PATH
;;
esac

TEBHOME=/maestro/TWS/IBM_I/TWS/ITA/cpa
TEBCFGHOME=/maestro/TWS/IBM_I/TWSDATA/ITA/cpa
export TEBCFGHOME
SERVICENAME=tebctl-tws_cpa_agent_qmaestro2
USERNAME=qmaestro2

EXEDIR=$TEBHOME/ita
CFGDIR=$TEBCFGHOME/ita
PROCNAME=agent
AGENTSH=$EXEDIR/agent.sh
CPASU=$EXEDIR/cpasu
STATUSFILE=$EXEDIR/status.info
CFGFILE=$CFGDIR/ita.ini
OUTFILE=$CFGDIR/native.out
ROOTUSERID=0
CURRENTUSER=`id -un`
CURRENTUSERID=`id -u`
OWNER=`ls -l $0 | awk '{print $3}'`

if [ "$OSTYPE" = "os400" ]; then
#OS400 user names are case insensitive, for comparison
convert both to lowercase
CURRENTUSER=`echo $CURRENTUSER | tr [:upper:] [:lower:]`
USERNAME=`echo $USERNAME | tr [:upper:] [:lower:]`
OWNER=`echo $OWNER | tr [:upper:] [:lower:]`
SU_CMD=$CPASU
START_AGENT_CMD="sh $AGENTSH"
else
SU_CMD="su -"
START_AGENT_CMD=$AGENTSH fi

TERMINATETIMEOUT=60
RETVAL=0


# These functions follow the RedHat Linux convention
success()
{
printf "OK"
}

failure()
{
printf "FAILED"
}

daemon()
{
#umask 027

if [ "$CURRENTUSER" = "$USERNAME" ]; then
$START_AGENT_CMD > $OUTFILE 2>&1
else
if [ "$CURRENTUSERID" = "$ROOTUSERID"
] || [ "$CURRENTUSER" = "$OWNER" ]; then
if [ "$USERNAME" = ""
]; then

$START_AGENT_CMD > $OUTFILE 2>&1
else
#
assign OUTFILE to the USERNAME otherwise he will not be able to write on it when
# he
starts the agent
echo
$OUTFILE 2>/dev/null
chown
$USERNAME $OUTFILE 2>/dev/null

$SU_CMD $USERNAME "$START_AGENT_CMD" > $OUTFILE 2>&1
fi
else
# not root or USERNAME.
if [ "$OWNER" =
"$USERNAME" ]; then
echo
"Only root or $OWNER can start the agent!"
else
echo
"Only root, $OWNER or $USERNAME can start the agent!"
fi
failure
return 1
fi
fi

sleep 1

get_pid

if [ $pid -ne 0 ]; then
success
return 0
else
failure
return 1
fi
}

status()
{
get_pid
if [ $pid -ne 0 ]; then
echo "$SERVICENAME agent running"
exit 0
else
echo "$SERVICENAME agent down"
exit 1
fi
}

util_inc ()
{
cntvar=$1
val="`eval echo \\$${cntvar}`<file://$$%7bcntvar%7d%60>"
eval ${cntvar}=`expr ${val} + 1`
}


get_pid()
{
pid=0
if [ -f $STATUSFILE ]; then
pid=`cat "$STATUSFILE"`
if [ "$pid" = "" ]; then
pid=0
elif [ $pid -ne 0 ]; then
#wait 1 second to let process start
sleep 1
OSname=`uname`
if [ "$OSname" = "OS400" ]; then
PROCESS=`ps -p $pid | grep $pid | grep -i agent`
if [ $? -ne 0 ]; then
pid=0
fi
else
PROCESS=`ps -p $pid | grep $pid | awk '{ print $4 }'`
if [ "$PROCESS" != "$PROCNAME" ]; then
pid=0
fi
fi
fi
fi
}

start_cpa()
{
if [ -f $CFGFILE -a -x $AGENTSH -a -x $EXEDIR/$PROCNAME ]; then
# Run agent and check the return status...
cd $EXEDIR
printf "Starting $SERVICENAME agent: "
daemon
RETVAL=$?
printf "\n"
else
echo "$SERVICENAME agent not installed properly"
exit 2
fi
}

case "$1" in
start_msg)
echo "Starting $SERVICENAME daemon"
;;

stop_msg)
echo "Stopping $SERVICENAME daemon"
;;

condrestart)
get_pid
if [ $pid -ne 0 ] ; then
echo "$SERVICENAME is running"
exit 0
fi
start_cpa
;;

start)
get_pid
if [ $pid -ne 0 ] ; then
echo "$SERVICENAME already started"
exit 0
fi
start_cpa
;;

stop)
if [ "$CURRENTUSER" = "$USERNAME" ] || [ "$CURRENTUSERID"
= "$ROOTUSERID" ] || [ "$CURRENTUSER" = "$OWNER" ]; then
get_pid

if [ $pid -ne 0 ]; then
printf "Stopping
$SERVICENAME Agent (${pid}):"
RETVAL=1

kill -TERM ${pid}

if [ $? -eq 0 ] ; then
cnt=0
while
[ ${cnt} -lt ${TERMINATETIMEOUT} ] ; do

printf "."

sleep 1

ps -p ${pid} > /dev/null 2>&1

if [ $? -ne 0 ] ; then

break

fi

util_inc cnt
done
else
rm -f
"${STATUSFILE}"
fi

ps -p ${pid} >
/dev/null
2>&1
if [ $? -eq 0 ] ; then
printf
"Timeout\n"
printf
"Cannot stop $SERVICENAME Agent - killing it..."
kill
-9 ${pid}
sleep 2
ps -p
${pid} > /dev/null 2>&1
if [ $?
-eq 0 ] ; then

printf "Cannot kill $SERVICENAME Agent - giving up.\n"

RETVAL=0
fi
fi
rm -f "${STATUSFILE}"

if [ $RETVAL -eq 1 ] ; then
success
RETVAL=0
else
failure
RETVAL=1
fi
printf "\n"
fi
else
# not root or USERNAME.
if [ "$OWNER" = "$USERNAME" ]; then
echo "Only root or
$OWNER can stop the agent!"
else
echo "Only root,
$OWNER or $USERNAME can stop the agent!"
fi
failure
RETVAL=1
fi
;;

restart)
$0 stop
$0 start
RETVAL=$?
;;

status)
status
RETVAL=$?
;;

*)
echo "Usage: $0 {start|stop|condrestart|restart|status}"
RETVAL=2
;;
esac
exit $RETVAL
________________________________
This e-mail message, including any attachments, is for the sole use of
the intended recipient, and may contain material that is privileged or
confidential and legally protected from disclosure. If you are not the
intended recipient or have received this message in error, you are not
authorized to copy, distribute, or otherwise use this message or its
attachments. Please notify the sender immediately by return e-mail and
permanently delete this message and any attachments.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit:
https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinf
o/midrange-l__;!!Fat92My4sJ5u0kQe!0TReSD6I4x_zz-hrNT7aqwCn1jV9w5jKVD2T
jeD5_45NZvFwyNvjr80h0T8k7TldynbsnOPXC0KueJewyNmQ8pc36OH9e3-D$
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://urldefense.com/v3/__https://archive.midrange.com/midrange-l__;!!Fat92My4sJ5u0kQe!0TReSD6I4x_zz-hrNT7aqwCn1jV9w5jKVD2TjeD5_45NZvFwyNvjr80h0T8k7TldynbsnOPXC0KueJewyNmQ8pc36ODQ5Gz7$ .

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinfo/midrange-l__;!!Fat92My4sJ5u0kQe!0TReSD6I4x_zz-hrNT7aqwCn1jV9w5jKVD2TjeD5_45NZvFwyNvjr80h0T8k7TldynbsnOPXC0KueJewyNmQ8pc36OH9e3-D$
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://urldefense.com/v3/__https://archive.midrange.com/midrange-l__;!!Fat92My4sJ5u0kQe!0TReSD6I4x_zz-hrNT7aqwCn1jV9w5jKVD2TjeD5_45NZvFwyNvjr80h0T8k7TldynbsnOPXC0KueJewyNmQ8pc36ODQ5Gz7$ .

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

________________________________
This e-mail message, including any attachments, is for the sole use of the intended recipient, and may contain material that is privileged or confidential and legally protected from disclosure. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.