Sudo and pre-freeze scripts

[steelnwool]

So I discovered an interesting behavior with using credentials that are elevated to root on linux servers.

The scripts are uploaded via Veeam and then executed using sudo, but they will not execute because they are never given the execute bit and sudo hates that.

I have a support ticket open with Veeam but was curious if anyone else had any input.

Here is the relevant log out put:

Code: Select all

[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Creating Linux invoker.
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Starting pre-freeze script execution
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Running Linux script (SSH) 'C:\Users\root\Documents\scripts\uid.sh'
[28.07.2015 09:03:00] <15> Info     [Ssh] Creating new connection [host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.].
[28.07.2015 09:03:00] <15> Info     [Ssh] logon, host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.
[28.07.2015 09:03:00] <15> Info     [Ssh] Server (10.33.33.51) version string: "SSH-2.0-OpenSSH_5.3"
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] SSH connection is established (10.33.33.51).
[28.07.2015 09:03:01] <15> Info     Executing: sudo /tmp/477b2d2b-569e-456b-9e04-90fb6c9fac85_uid.sh;echo $?
[28.07.2015 09:03:01] <15> Info     Executing: sudo rm -f /tmp/477b2d2b-569e-456b-9e04-90fb6c9fac85_uid.sh
[28.07.2015 09:03:01] <15> Info     [Ssh] Connection [host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.] is disposing.
[28.07.2015 09:03:01] <15> Error    [ScriptInvoker] Failed to execute script in lin guest machine over SSH. Script path: C:\Users\root\Documents\scripts\uid.sh.
[28.07.2015 09:03:01] <15> Error    Exception of type 'Veeam.Backup.Core.CGuestScriptTimeoutExc' was thrown. (Veeam.Backup.Core.CGuestScriptTimeoutExc)
[28.07.2015 09:03:01] <15> Error       at Veeam.Backup.Core.CSshScriptInvoker.ExecScript(String localPath, TimeSpan timeout)
[28.07.2015 09:03:01] <15> Warning  [ScriptInvoker] Script execution timeout.

And here is a simulation in an interactive shell, emulating how veeam would behave. First uploading the script and then trying to execute it. For follow up I chmodded +x the file and I show the output here..

Code: Select all

[veeam@jsandbox ~]$ ls -lt /tmp/uid.sh
-rw-r--r-- 1 veeam veeam 81 Jul 28 09:15 /tmp/uid.sh
[veeam@jsandbox ~]$ sudo /tmp/uid.sh; echo $?
sudo: /tmp/uid.sh: command not found
1
[veeam@jsandbox ~]$ chmod +x /tmp/uid.sh
[veeam@jsandbox ~]$ ls -lt /tmp/uid.sh
-rwxr-xr-x 1 veeam veeam 81 Jul 28 09:15 /tmp/uid.sh
[veeam@jsandbox ~]$ sudo /tmp/uid.sh; echo $?
0

Interesting eh?

So is this a bug with Veeam, or is there a way to configure sudo to execute scripts even if there is no exe bit enabled, or do i write a wrapper?

[PTide]

Hi,

Sorry if I got you wrong, but why not to sh?
Please see the code below - sute is a sudoer, test.sh is a bash script.

Code: Select all

login as:root
Last login: Tue Jul 28 17:36:49 2015
[root@repo-centos6 ~]# su sute
[sute@repo-centos6 root]$
[sute@repo-centos6 root]$ ls
ls: cannot open directory .: Permission denied
[sute@repo-centos6 root]$ cd /home/sute/
[sute@repo-centos6 ~]$ ls
[sute@repo-centos6 ~]$
[sute@repo-centos6 ~]$ ls -laht
total 20K
drwx------. 2 sute sute 4.0K Jul 28 17:40 .
drwxr-xr-x. 3 root root 4.0K Jul 28 17:40 ..
-rw-r--r--. 1 sute sute   18 Oct 16  2014 .bash_logout
-rw-r--r--. 1 sute sute  176 Oct 16  2014 .bash_profile
-rw-r--r--. 1 sute sute  124 Oct 16  2014 .bashrc
[sute@repo-centos6 ~]$ ls -laht /root/
ls: cannot open directory /root/: Permission denied
[sute@repo-centos6 ~]$ sudo ls -laht /root
[sudo] password for sute:
total 68K
dr-xr-x---.  4 root root 4.0K Jul 28 17:48 .
-rw-------.  1 root root 4.4K Jul 28 17:43 .bash_history
-rw-r--r--.  1 root root   31 Jul 28 17:38 test.sh
dr-xr-xr-x. 26 root root 4.0K Jul 27 20:33 ..
drwxr-xr-x.  2 root root 4.0K Jul 16 17:20 PRESCRIPT
drwxr-xr-x.  7 root root 4.0K Jul 16 15:53 vmware-tools-distrib
-rw-------.  1 root root  841 Jul 10 13:48 anaconda-ks.cfg
-rw-r--r--.  1 root root 8.7K Jul 10 13:48 install.log
-rw-r--r--.  1 root root 3.4K Jul 10 13:46 install.log.syslog
-rw-r--r--.  1 root root   18 May 20  2009 .bash_logout
-rw-r--r--.  1 root root  176 May 20  2009 .bash_profile
-rw-r--r--.  1 root root  129 Dec  4  2004 .tcshrc
-rw-r--r--.  1 root root  176 Sep 23  2004 .bashrc
-rw-r--r--.  1 root root  100 Sep 23  2004 .cshrc
[sute@repo-centos6 ~]$ sudo /root/test.sh
sudo: /root/test.sh: command not found
[sute@repo-centos6 ~]$ sudo sh /root/test.sh; echo $?
0

[steelnwool]

Because you can't tell veaeam to use sh. Veeam takes a script and uploads it and then executes it in a predefined way.

[PTide]

I have a support ticket open with Veeam

Could you post ticket ID here, please?

Thank you.

[steelnwool]

Case # 00975431

[steelnwool]

Update 2b for Veeam Backup and Replication v8 fixes it. Turns out it was a non specific error for something else.