where in the docs is this example ?
Linked from the 8.6 docs... Googled for 'BSA users.local command list'. Top hit is
which explains the syntax. For more info on the command list, it then links to the 'Restricting Commands' section (Which is a bit confusing, because it's under the section for configuring the exports file).
The example itself...
For example, when you enter
commands=nsh:nexec:/bin/ps, the following commands work as expected (executing from /bin/ps):
rome $ nexec athens ps -ef
rome $ cd
athens $ ps -ef
However I get an error when trying to execute my command with a parameter (Works without one though)
i have this in my users.local:
and i can do:
% nexec blapp88-1 wget http://www.google.com -O foo.out
--2016-06-16 20:35:34-- http://www.google.com/
Resolving www.google.com (www.google.com)... 22.214.171.124, 126.96.36.199, 188.8.131.52, ...
Connecting to www.google.com (www.google.com)|184.108.40.206|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘foo.out’
[ <=> ] 10,424 --.-K/s in 0.002s
2016-06-16 20:35:34 (5.60 MB/s) - ‘foo.out’ saved 
what version of bsa are you using ?
The server is an 8.6 RDS. The client is BladeLogic_RSCD_Agent-8.3.03-82.x86_64
The command itself is being run by a job on the bladelogic system though. Not manually by me using nexec (Just in case that makes a difference).
Hmm... Just went digging. The command in the script wraps the remote command in double quotes... I suspect when you do this, the client is treating the whole command line as the command itself?
yeah - that seems to do it:
blapp# nexec 192.168.52.242 "ps -ef"
Not authorized to run this command
blapp# nexec 192.168.52.242 ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 Jun15 ? 00:00:01 /sbin/init root 2 0 0 Jun15 ? 00:00:00 [kthreadd]
Slightly annoying... I understand the reasoning behind why it's doing it... but is there a way to tell nexec 'this is the whole command' and nothing after (the end quote) when you want to do something strange like a redirect remotely, AND a redirect locally..
1 of 1 people found this helpful
yeah - i see what you mean. i created a defect for this - QM002065284
Great! Thanks Bill!