Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Install 'expect' to control interactive UNIX apps UNIX
The UNIX program expect is a tool for automatic interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. expect is also useful for testing these same applications. Expect reads the output from interactive applications, allowing scripts to act based on the contents of that output.

With this very handy tool, you can easily create scripts that act on resulting output from commands. I created a cron job as an ordinary user calling a script to repair the privileges on my root disk (for which you must have root access). You might also create a root cron job for this, but I used this example to show you how to script root commands as an ordinary user. The script will insert your root password automatically when it is prompted for this!

This is what to do:
  1. Install Expect through fink (type "fink install expect").

  2. Create a script called repairprivsboot (with joe or vi or emacs), with the following text (give it u+rx permissions):
    #!/sw/bin/expect -f
    spawn ssh -2 -l yourname 12.34.56.78
    expect "yourname@12.34.56.78's password:"
    send "yourpassword\r"
    expect "yourname%"
    send "sudo diskutil repairPermissions / \r"
    expect "password:"
    send "yourpassword\r"
    set timeout 240
    expect "volume."
    You must replace "yourname" with the name of your root login account, 12.34.56.78 with your ip number and "yourpassword" with your root password. Of course, you must have ssh enabled to be able to login with ssh into your superuser account. The script will wait for the literal output that is in the "expect" lines, so you might have to check if this output is the same on your system.

  3. create a cron job as ordinary user with "crontab -e" using vi, adding the following line:
    40    20    *    *    *    theFullPath/repairprivsboot
    Replace theFullPath with the full path to the script. This line will start the root disk repair of privileges every evening at fourty minutes past eight.
Please note there is a certain security risk here, because your root password in the script is "in the open" i.e. unencrypted. So please check the privileges and rights of this script file to ensure that no others can read it.

[Editor's note: I tried to compile expect from the source, and I'm sure it's possible, but there are some dependencies (tcl) that must be installed first, and I believe the configure script needs to be edited a bit to account for the hostname ... both of which are beyond my skill set. Using fink is definitely the easy way to get 'expect' running.]
    •    
  • Currently 0.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (0 votes cast)
 
[11,451 views]  

Install 'expect' to control interactive UNIX apps | 4 comments | Create New Account
Click here to return to the 'Install 'expect' to control interactive UNIX apps' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
think twice
Authored by: jorist on Nov 26, '02 04:36:50PM

Think twice before exposing the root password in your scripts!



[ Reply to This | # ]
Use suid permissions
Authored by: KOHb on Nov 27, '02 12:47:37PM
You could instead create a script that assumes root-priviliges when run by using the suid permission.
  1. Create a script, say, "fixperms.sh". Have it contain:
    #!/bin/sh diskutil repairPermissions /
  2. Make the script executable by typing "chmod ugo+x fixperms.sh"
  3. Change the script's owner to be root "sudo chown root fixperms.sh"
  4. Make the script assume root's UID when executed: "sudo chmod u+s fixperms.sh"
  5. Put this script in your crontab, as the hint suggests.
The "s" permission means that the script will run with the owner's permissions, as opposed to yours. "man chmod" might explain things.

It's also perfectly reasonable to put "diskutil repairPermissions /" in root's crontab. Root's crontab is in /etc/crontab, or you can create a script and put it in /etc/periodic/daily

The point is---there's absolutely no reason to ever store your password in plaintext on your machine.

[ Reply to This | # ]

Use suid permissions
Authored by: mervTormel on Nov 27, '02 02:17:25PM

{groan}

there are also huge security issues with making shell scripts SUID and SGID executable. a very secure kernel is compiled to disallow this. earlier versions of Mac OS X apologized and failed when one tried to SUID/SGID a shell script.

make darn sure owner:group is root:wheel and make darn sure there is no write access!

darnit! make darn sure you don't approach this with a cavalier attitude! in fact, other solutions should be considered first! it's just too easy to get careless and forget about this kind of stuff; it constitutes another maintenance issue on your plate that you should and need to monitor closely.



[ Reply to This | # ]
Fink's expect won't install
Authored by: ClarkGoble on Dec 30, '02 03:32:55PM

For some reason, whether it is 10.2.3 or something else, Fink won't install expect. Installing the source by hand doesn't work right either unless you are careful and modify a few settings.

The easy way to get expect is to install Wish from either Source Forge or Version Tracker. It includes a separate TCL "shell" and allows you to run TK programs as well. Not only does it install tclsh in /usr/bin but expect as well.

There are a few quirks with it. For some reason shell scripts with tclsh don't always work as expected. But by and large it is a nice way to get TCL, TK, and Expect working.



[ Reply to This | # ]