disallow pseudo terminal in ssh
Some Oracle documentation wants you to setup ssh with no password and no passphrase. Configuring ssh This is not really something your security admin will like. First, using DSA, which is deprecated and disabled by default in OpenSSH 7.0, is a pretty dump instruction OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key […]
Don’t call it test
There are quite a few names to avoid in your scripts. Even if there are not reserved-words, keep away ! I’ll start with test cd $HOME/bin vi test echo hello world chmod +x test ./test hello world The problem is that it may break your other scripts $ ssh localhost test 1 = 2 && […]
Untrusted X11 forwarding
I wrote a while ago about my security concerns regarding xhost + xterm -display mypc:0 Way back then, I suggested ssh tunnel. SSH is pretty easy to set up, by enabling the X11Forwarding option. In OpenSSH 3.8 release note, 2004, there was a new default . ssh(1) now uses untrusted cookies for X11-Forwarding In the […]
run sudo, ssh, password, su in simulated interactive mode
Some commands do not like non-interactive mode $ passwd <<EOF > oldpassword > newpassword > newpassword > EOF Changing password for user lsc. Current password for lsc@example.com: passwd: Authentication token manipulation error $ echo oraclepassword | su – oracle standard in must be a tty $ echo sudopassword | sudo su – oracle [sudo] password […]
How to *really* send a script to the background
Let’s check this small script – foo.sh #!/bin/sh echo foo.1:`date` | tee $HOME/tmp/foo.txt sleep 3 echo foo.2:`date` | tee -a $HOME/tmp/foo.txt $ $HOME/tmp/foo.sh foo.1:Thu Nov 27 17:34:53 CET 2014 foo.2:Thu Nov 27 17:34:56 CET 2014 Very obvious, I write to the console, wait three seconds, then write to the console. Ok, let’s take another script […]
fun with cron
Today I find out that my scheduler was too busy to execute all jobs in my crontab !? * * * * * (while :;do ssh example.com :; done) 59 23 19 06 * touch /tmp/bang my while loop is going to produce so much hangs on the cron deamon that it may not be […]
Testing for (non-)empty string in shell
One way to test for (non-)empty string is to use test and -z (-n) $ x=foo $ test -z "$x" $ echo $? 1 This is mostly seen with an if and [ -z … ] syntax $ y=bar $ if [ -n "$y" ]; then echo non-empty; fi non-empty Instead of a variable, it […]
hot to bypass requiretty in sudo
You can execute it a command without password from the commande line $ sudo -l User lsc may run the following commands on this host: (root) NOPASSWD: /usr/local/bin/helloworld $ sudo /usr/local/bin/helloworld Hello World! Now you try to run it via cron and you get sudo: sorry, you must have a tty to run sudo The […]
use cron to schedule a job only once
I wrote about not using DAY OF MONTH and DAY OF WEEK simultanously in how to cron The correct method is to use 15 14 15 05 * /tmp/run-my-job But… I wrote this five years ago. Hmmm ! Not that correct then since it would run every year 😉 Ok, periodically I check for jobs […]
return code and sqlplus
Calling a shell script from within sqlplus is buggy… I have reported bug 3798918 in 10.1.0.2 (back in 2004) and bug 13349119 in 11.2.0.3 because some metalink guru closed 3798918 as not reproducible. As written in return code, host does not return the correct code SQL> host exit 7 SQL> def _RC DEFINE _RC = […]
How to quit crontab -e without overwritting cron
Imagine my crontab * * * * * /usr/bin/date > /tmp/foo I am writing the date to /tmp/foo every minute $ cat /tmp/foo Thu Jul 5 08:45:01 CEST 2012 Now I want to view my crontab in my EDITOR (vi). $ crontab -e I do not quit yet. In the meantime, my colleague modify the crontab. * […]
xhost+ security hole part 2
Five years ago I wrote xhost+ is a huge security hole, I turned out red this morning when my neighbour sent me a smiley via X. Do I really want everyone to have full access to my screen? No, I don’t. And I don’t do xhost+. So why did it happen to me ??? I […]
[alert] AIX Posix Timezone issue
Maybe you did get or you will get an issue with the date command in AIX. expected behavior, Linux $ TZ=NZST-12NZDT,M10.1.0/2,M3.3.0/3 date Sat Mar 17 00:14:54 NZDT 2012 $ TZ=Pacific/Auckland date Sat Mar 17 00:14:58 NZDT 2012 unexpected behavior, AIX $ TZ=Pacific/Auckland date Sat Mar 17 00:15:50 GMT+13:00 2012 $ TZ=NZST-12NZDT,M10.1.0/2,M3.3.0/3 date Fri Mar 16 […]
delete unused shared memory segments from an Oracle instance
Once upon a time, a dba issues some kill -9 to clean up dying database processes. Or the database instance crashes. This will left some shared memory segments. Note 68281.1 describe how to remove them on a server with multiple databases. First, list the ipc process $ ipcs IPC status from /dev/mem as of Mon […]
Check if it a program is already running in Unix
There is more than one way to do it, the safe is probably to check if /home/lsc/OH_YES_I_AM_RUNNING exists and believe it. This is called the file.PID method and is widely used (Apache used to use it since a long long time). It needs file. It needs cleanup if you reboot your server in the middle […]
shell and list of files
How do you loop thru a list of files? For instance you want to archive than delete all pdf documents in the current directory : Bad practice : tar cvf f.tar *.pdf rm *.pdf There are multiple issue with the command above 1) new files could come during the tar, so the rm will delete […]
pstree in AIX
For those who do not want to download some linuxlike freeware on your aix box, use ps -T 🙂 ps -fT 2412672 UID PID PPID C STIME TTY TIME CMD oracle 2412672 1 0 Sep 05 – 0:00 /u01/app/oracle/product/OAS oracle 630956 2412672 0 Sep 05 – 6:11 \–/u01/app/oracle/prod oracle 1347672 630956 0 Sep 05 – 15:32 |\–/u01/app/oracle/ oracle 1437836 630956 0 Sep 05 – 1:02 |\–/u01/app/oracle/ oracle 880820 1437836 0 Sep […]
Generate network graph from command line
I recently wrote on gnuplot, today I tried another command line utility to generate graphs, graphviz, version 2.24.0 on AIX5L. Pretty straightforward syntax : ( echo "digraph Emp {" sqlplus -s -L scott/tiger << EOF set pages 0 lin 120 hea off feed off select ename ||'->'|| (select ename from emp where empno=e.mgr) || ';' […]
send graph per mail from sqlplus
How to send a graph with a single command from your database to your mail in Unix? I tried this (gnuplot is available for Solaris, AIX and most Unix derivates) : echo ' set hea off pages 0 feed off prom set title "salaries of EMP" prom unset key prom unset xtics prom unset xlabel […]
vi large files
Once upon a time a colleague asked me if there is a better editor than vi installed on my db server. Well, I was not really about arguing the benefit of ed (less memory usage, no useless error message). But one advantage of ed was (I believed) the ability to read large files $ vi […]
scp tuning
I twitted yesterday : laurentsch copying 1TB over ssh sucks. How do you fastcopy in Unix without installing Software and without root privilege? I got plenty of expert answers. I have not gone to far in recompile ssh and I did not try plain ftp. Ok, let’s try first to transfer 10 files of 100M […]
What is the current setting of NLS_LANG in sqlplus?
I just learnt a neat trick from Oracle Support. How do you see the current value of NLS_LANG in SQLPLUS ? HOST is not the right answer. E.g.: Unix: SQL> host echo $NLS_LANG AMERICAN_SWITZERLAND Windows: SQL> HOST ECHO %NLS_LANG% %NLS_LANG% The correct setting is revealed by @.[%NLS_LANG%] E.g.: Unix: SQL> @.[$NLS_LANG] SP2-0310: unable to open […]
Time offset in Unix
What is the time offset of the current date in Unix? perl -e ' $t=time; @l=localtime($t); @g=gmtime($t); $d=$l[2]-$g[2]+($l[1]-$g[1])/60; $gd=$g[3]+$g[4]*31+$g[5]*365; $ld=$l[3]+$l[4]*31+$l[5]*365; if($gd<$ld){$d+=24}; if($gd>$ld){$d-=24} print ($d."\n")' 2 Am I in summer (DST)? perl -e 'if((localtime)[8]){print"yes"}else{print "no"}' yes
to cvs or to subversion
First surprise, after migration, the size of my subversion folder is double the size of my cvs folder. With a bunch of 2Gb disks shared amoung dozens of unix persons, and regular reminders the current usage reached 100%, you will feel the pain of having each developers doublesizing its home directory… The reason is a […]
extract xml from the command line
I just discovered this morning this cool utility in my /bin directory : xmllint You can use it to extract values from your xml files within your shell scripts $ cat foo.xml <emplist> <emp no="1"> <ename>John</ename> </emp> <emp no="2"> <ename>Jack</ename> </emp> </emplist> $ echo 'cat //emplist/emp[@no="1"]/ename/text()'| xmllint –shell foo.xml | sed -n 3p John I […]
read without Enter
A small unix tip today. Do you want to continue ? If you are expecting “y” or “n” but do not want to enforce the user to type y[Enter] but simply y, you can use the -n option in bash. Within a ksh script: yorn=$(bash -c 'read -p "Do you want to continue ? " […]
cd
Do you know cd ? I thought I did until this afternoon … OK, let’s start some basic. I create two directories $ echo $SHELL /bin/ksh $ mkdir /tmp/foo $ mkdir /tmp/bar create a symlink /tmp/bar/baz pointing to /tmp/foo $ ln -s /tmp/foo /tmp/bar/baz create a file foo1 in foo $ touch /tmp/foo/foo1 change to […]
11.2 Sparc
Good news, go there http://www.oracle.com/technology/software/products/database 🙂
cd OLD NEW
Something I like in ksh is to change from /my/old/directory/path to /my/new/directory/path by typing cd old new. This does not work in bash So I had to find a workaround 😉 $ ksh $ cd /app/oracle/product/11.1.0.6/database/rdbms/admin $ cd 6 7 $ pwd /app/oracle/product/11.1.0.7/database/rdbms/admin $ bash $ cd 7 6 bash: cd: 7: No such file […]
chmod -R 777 .
This is one of the thing I hate to see, recursively changing everything to 777 👿 If you want to give read access to all, then 644 is enough for files and 755 for directories. If you want to give execution permission too, you could give 755 to executable files. Also sometimes you have files […]
to ftp or to sftp
Ftp is seen as an old-time unsecure protocol. Many shops nowadays have switched or are switching to sftp. I will try to point out some differences : Compatibility: none. the protocol is completly different. Multiple graphical clients however do support both mode. But the basic “ftp” client will not work with sftp. Ascii mode: only […]