can non-root users call lsof? - Ubuntu

This is a discussion on can non-root users call lsof? - Ubuntu ; I've got a cron script, written in PHP, that does this call: lsof | greg vsftpd and saves the output in a text file. When I ssh to the server and login as root and call this script myself, everything ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: can non-root users call lsof?

  1. can non-root users call lsof?


    I've got a cron script, written in PHP, that does this call:

    lsof | greg vsftpd

    and saves the output in a text file.

    When I ssh to the server and login as root and call this script myself,
    everything works fine. That is, if I do this:

    /usr/local/bin/contentingester/save_ftp_processes.php

    I get the full list of files opened by vsftpd, saved to a text file,
    just like I would expect.

    When the cron calls this script, it creates the file, like it should,
    but the file is empty.

    Why is that? Is lsof limited to root users or something?



















  2. Re: can non-root users call lsof?

    Lawrence Krubner wrote:

    >
    > I've got a cron script, written in PHP, that does this call:
    >

    .....
    > When the cron calls this script, it creates the file, like it should,
    > but the file is empty.
    >
    > Why is that? Is lsof limited to root users or something?


    Depending upon the distribution, it may sit in /usr/sbin (with only root
    having that path).
    Btw., what do you want to achiieve here? Why not enhance vsftpd log level
    and analyze the logfile directly?
    In particular, look (man 5 vsftpd.conf) for xferlog options.

  3. Re: can non-root users call lsof?

    On Fri, 11 Jul 2008 00:45:15 -0400, Lawrence Krubner wrote:

    > I've got a cron script, written in PHP, that does this call:
    >
    > lsof | greg vsftpd
    >
    > and saves the output in a text file.
    >
    > When I ssh to the server and login as root and call this script myself,
    > everything works fine. That is, if I do this:
    >
    > /usr/local/bin/contentingester/save_ftp_processes.php
    >
    > I get the full list of files opened by vsftpd, saved to a text file,
    > just like I would expect.
    >
    > When the cron calls this script, it creates the file, like it should,
    > but the file is empty.
    >
    > Why is that? Is lsof limited to root users or something?


    A typical problem with cron is whats in its $PATH. I havn't found out how
    to change that, instead you can use the exact path to what ever command
    you run, like this:
    /usr/bin/lsof

    You can find the path with which: "which lsof".


    Tomas

  4. Re: can non-root users call lsof?

    On 11 Jul 2008 08:31:08 GMT, Tomas Pedersen wrote:

    > A typical problem with cron is whats in its $PATH. I havn't found out how
    > to change that,


    A few methods follow:

    1 Use full path with command(s) in each script.

    2 Add following to each script:
    PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin
    export PATH

    3 Modify PATH in /etc/crontab

    4 Add following to script.
    source /somewhere/set_cron_path # which contains method 2 commands.



    A few downside arguments for each of the above methods:

    1 Each script has to be modified if program(s) moves to another location.
    General pain having to remember path for commands.

    2 Each script has to be modified if program(s) moves to another location.

    3 Package update can wipe out your /etc/crontab modification.

    4 Only one script needs to be modified. Assuming /somewhere/ does not move.
    /somewhere/ has to be mounted before cron script executes.

    Suggestion: Use method 4 just for easier maintenance.
    Also allows you to define functions and alias for use in scripts.

  5. Re: can non-root users call lsof?

    On 2008-07-11, Tomas Pedersen wrote:
    ....
    > A typical problem with cron is whats in its $PATH. I havn't found out how
    > to change that


    Add the PATH assignment to the crontab file, e.g.:

    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    0 0 * * * script

    --
    Chris F.A. Johnson, webmaster
    ================================================== =================
    Author:
    Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)

  6. Re: can non-root users call lsof?

    On Fri, 11 Jul 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
    , Bit Twister wrote:

    >1 Use full path with command(s) in each script.
    >
    >2 Add following to each script:
    > PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin
    > export PATH


    One thing that was beaten into me by every *nix instructor, mentor or
    peer for the last thirty plus years is that you should either use the
    full path for every command when running stuff as a non-normal user,
    OR explicitly setting the path in scripts to be run by the system or
    others. And that means not using the 'PATH=$PATH:/additional/places'
    technique, but setting it exactly. This avoids the situation where a
    nefarious user has set their own path to be

    /some/place/nasty:/bin:/usr/bin:/usr/local/bin

    which allows them to put some modified substitute for a common command
    (that perhaps creates an SUID root shell) there. See "Practical Unix
    & Internet Security" 3rd Edition, ISBN 0-596-00323-4, O'Reilly, 2/2003,
    page 113 for one of _many_ dumb exploits.

    >1 Each script has to be modified if program(s) moves to another location.
    > General pain having to remember path for commands.
    >
    >2 Each script has to be modified if program(s) moves to another location.


    How often does that happen?

    >Suggestion: Use method 4 just for easier maintenance.
    > Also allows you to define functions and alias for use in
    > scripts.


    Not unreasonable - also allows a convenient place to UN-alias things
    to prevent some minor surprises.

    Old guy

  7. Re: can non-root users call lsof?

    On Fri, 11 Jul 2008 20:50:37 -0500, Moe Trin wrote:
    > On Fri, 11 Jul 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
    >, Bit Twister wrote:
    >
    >>1 Use full path with command(s) in each script.
    >>
    >>2 Add following to each script:
    >> PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin
    >> export PATH

    >
    > One thing that was beaten into me by every *nix instructor, mentor or
    > peer for the last thirty plus years is that you should either use the
    > full path for every command when running stuff as a non-normal user,
    > OR explicitly setting the path in scripts to be run by the system or
    > others. And that means not using the 'PATH=$PATH:/additional/places'
    > technique, but setting it exactly. This avoids the situation where a
    > nefarious user has set their own path to be
    >
    > /some/place/nasty:/bin:/usr/bin:/usr/local/bin


    True, but this thread was about a system cron job which would start
    you out with a valid PATH. :-)

    Otherwise any script written for your users should either create the
    PATH or source a script to do the same thing.

    >>2 Each script has to be modified if program(s) moves to another location.

    >
    > How often does that happen?


    Not too often. Usually when changing operating systems.



    >>Suggestion: Use method 4 just for easier maintenance.
    >> Also allows you to define functions and alias for use in
    >> scripts.

    >
    > Not unreasonable - also allows a convenient place to UN-alias things
    > to prevent some minor surprises.


    For sure there. I had a freaking software engineer set an alias for goto.
    Did not help my application script a whole lot. :-(


  8. Re: can non-root users call lsof?

    On Fri, 11 Jul 2008 10:04:24 +0000, Bit Twister wrote:

    >
    > 3 Modify PATH in /etc/crontab
    >

    Last time I edited crontab the PATH wasn't there by default, so I never
    knew it was so easy. Of course, Since I never used cron a lot I never
    bothered finding out. Thanks for pointing it out.


    Tomas

  9. Re: can non-root users call lsof?

    On Sat, 12 Jul 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
    , Bit Twister wrote:

    >Moe Trin wrote:


    >> Bit Twister wrote:


    >> This avoids the situation where a nefarious user has set their own
    >> path to be
    >>
    >> /some/place/nasty:/bin:/usr/bin:/usr/local/bin

    >
    >True, but this thread was about a system cron job which would start
    >you out with a valid PATH. :-)


    It's simply a good habit to get into.

    >>>2 Each script has to be modified if program(s) moves to another location.

    >>
    >> How often does that happen?

    >
    >Not too often. Usually when changing operating systems.


    Long ago, I was supporting several types of UNIX, including both BSD and
    SysV derivatives. My shell startup script would look at the output of
    'uname -s' and set the $PATH accordingly, so that '/usr/ucb/bin' or
    '/usr/5bin/' were added to get the "correct" command behavior I was
    used to.

    >> allows a convenient place to UN-alias things to prevent some minor
    >> surprises.

    >
    >For sure there. I had a freaking software engineer set an alias for goto.
    >Did not help my application script a whole lot. :-(


    Bash shell is nice that way - "unalias -a" gets them all.

    Old guy

  10. Re: can non-root users call lsof?

    On 2008-07-12, Moe Trin wrote:
    > On Sat, 12 Jul 2008, Bit Twister wrote:
    >>> allows a convenient place to UN-alias things to prevent some minor
    >>> surprises.

    >>
    >>For sure there. I had a freaking software engineer set an alias for goto.
    >>Did not help my application script a whole lot. :-(

    >
    > Bash shell is nice that way - "unalias -a" gets them all.


    That is available in all POSIX shells.

    It is always the first line of my .bashrc or .profile.

    --
    Chris F.A. Johnson, author |
    Shell Scripting Recipes: | My code in this post, if any,
    A Problem-Solution Approach | is released under the
    2005, Apress | GNU General Public Licence

+ Reply to Thread