Sudo and pre-freeze scripts

VMware specific discussions

Sudo and pre-freeze scripts

Veeam Logoby steelnwool » Tue Jul 28, 2015 2:25 pm

So I discovered an interesting behavior with using credentials that are elevated to root on linux servers.

The scripts are uploaded via Veeam and then executed using sudo, but they will not execute because they are never given the execute bit and sudo hates that.

I have a support ticket open with Veeam but was curious if anyone else had any input.

Here is the relevant log out put:

Code: Select all
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Creating Linux invoker.
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Starting pre-freeze script execution
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] Running Linux script (SSH) 'C:\Users\root\Documents\scripts\uid.sh'
[28.07.2015 09:03:00] <15> Info     [Ssh] Creating new connection [host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.].
[28.07.2015 09:03:00] <15> Info     [Ssh] logon, host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.
[28.07.2015 09:03:00] <15> Info     [Ssh] Server (10.33.33.51) version string: "SSH-2.0-OpenSSH_5.3"
[28.07.2015 09:03:00] <15> Info     [ScriptInvoker] SSH connection is established (10.33.33.51).
[28.07.2015 09:03:01] <15> Info     Executing: sudo /tmp/477b2d2b-569e-456b-9e04-90fb6c9fac85_uid.sh;echo $?
[28.07.2015 09:03:01] <15> Info     Executing: sudo rm -f /tmp/477b2d2b-569e-456b-9e04-90fb6c9fac85_uid.sh
[28.07.2015 09:03:01] <15> Info     [Ssh] Connection [host: '10.33.33.51', port: 22, user: 'veeam', elevation to root: 'yes', autoSudo: no, auth type: 'PublicKey'.] is disposing.
[28.07.2015 09:03:01] <15> Error    [ScriptInvoker] Failed to execute script in lin guest machine over SSH. Script path: C:\Users\root\Documents\scripts\uid.sh.
[28.07.2015 09:03:01] <15> Error    Exception of type 'Veeam.Backup.Core.CGuestScriptTimeoutExc' was thrown. (Veeam.Backup.Core.CGuestScriptTimeoutExc)
[28.07.2015 09:03:01] <15> Error       at Veeam.Backup.Core.CSshScriptInvoker.ExecScript(String localPath, TimeSpan timeout)
[28.07.2015 09:03:01] <15> Warning  [ScriptInvoker] Script execution timeout.


And here is a simulation in an interactive shell, emulating how veeam would behave. First uploading the script and then trying to execute it. For follow up I chmodded +x the file and I show the output here..

Code: Select all
[veeam@jsandbox ~]$ ls -lt /tmp/uid.sh
-rw-r--r-- 1 veeam veeam 81 Jul 28 09:15 /tmp/uid.sh
[veeam@jsandbox ~]$ sudo /tmp/uid.sh; echo $?
sudo: /tmp/uid.sh: command not found
1
[veeam@jsandbox ~]$ chmod +x /tmp/uid.sh
[veeam@jsandbox ~]$ ls -lt /tmp/uid.sh
-rwxr-xr-x 1 veeam veeam 81 Jul 28 09:15 /tmp/uid.sh
[veeam@jsandbox ~]$ sudo /tmp/uid.sh; echo $?
0


Interesting eh?

So is this a bug with Veeam, or is there a way to configure sudo to execute scripts even if there is no exe bit enabled, or do i write a wrapper?
steelnwool
Enthusiast
 
Posts: 30
Liked: 1 time
Joined: Fri Sep 03, 2010 4:44 pm
Full Name: Jeff MacDonald

Re: Sudo and pre-freeze scripts

Veeam Logoby PTide » Tue Jul 28, 2015 2:52 pm

Hi,

Sorry if I got you wrong, but why not to sh?
Please see the code below - sute is a sudoer, test.sh is a bash script.

Code: Select all
login as:root
Last login: Tue Jul 28 17:36:49 2015
[root@repo-centos6 ~]# su sute
[sute@repo-centos6 root]$
[sute@repo-centos6 root]$ ls
ls: cannot open directory .: Permission denied
[sute@repo-centos6 root]$ cd /home/sute/
[sute@repo-centos6 ~]$ ls
[sute@repo-centos6 ~]$
[sute@repo-centos6 ~]$ ls -laht
total 20K
drwx------. 2 sute sute 4.0K Jul 28 17:40 .
drwxr-xr-x. 3 root root 4.0K Jul 28 17:40 ..
-rw-r--r--. 1 sute sute   18 Oct 16  2014 .bash_logout
-rw-r--r--. 1 sute sute  176 Oct 16  2014 .bash_profile
-rw-r--r--. 1 sute sute  124 Oct 16  2014 .bashrc
[sute@repo-centos6 ~]$ ls -laht /root/
ls: cannot open directory /root/: Permission denied
[sute@repo-centos6 ~]$ sudo ls -laht /root
[sudo] password for sute:
total 68K
dr-xr-x---.  4 root root 4.0K Jul 28 17:48 .
-rw-------.  1 root root 4.4K Jul 28 17:43 .bash_history
-rw-r--r--.  1 root root   31 Jul 28 17:38 test.sh
dr-xr-xr-x. 26 root root 4.0K Jul 27 20:33 ..
drwxr-xr-x.  2 root root 4.0K Jul 16 17:20 PRESCRIPT
drwxr-xr-x.  7 root root 4.0K Jul 16 15:53 vmware-tools-distrib
-rw-------.  1 root root  841 Jul 10 13:48 anaconda-ks.cfg
-rw-r--r--.  1 root root 8.7K Jul 10 13:48 install.log
-rw-r--r--.  1 root root 3.4K Jul 10 13:46 install.log.syslog
-rw-r--r--.  1 root root   18 May 20  2009 .bash_logout
-rw-r--r--.  1 root root  176 May 20  2009 .bash_profile
-rw-r--r--.  1 root root  129 Dec  4  2004 .tcshrc
-rw-r--r--.  1 root root  176 Sep 23  2004 .bashrc
-rw-r--r--.  1 root root  100 Sep 23  2004 .cshrc
[sute@repo-centos6 ~]$ sudo /root/test.sh
sudo: /root/test.sh: command not found
[sute@repo-centos6 ~]$ sudo sh /root/test.sh; echo $?
0
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Sudo and pre-freeze scripts

Veeam Logoby steelnwool » Tue Jul 28, 2015 2:55 pm

Because you can't tell veaeam to use sh. Veeam takes a script and uploads it and then executes it in a predefined way.
steelnwool
Enthusiast
 
Posts: 30
Liked: 1 time
Joined: Fri Sep 03, 2010 4:44 pm
Full Name: Jeff MacDonald

Re: Sudo and pre-freeze scripts

Veeam Logoby PTide » Tue Jul 28, 2015 3:44 pm

I have a support ticket open with Veeam

Could you post ticket ID here, please?

Thank you.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Sudo and pre-freeze scripts

Veeam Logoby steelnwool » Tue Jul 28, 2015 4:47 pm

Case # 00975431
steelnwool
Enthusiast
 
Posts: 30
Liked: 1 time
Joined: Fri Sep 03, 2010 4:44 pm
Full Name: Jeff MacDonald

Re: Sudo and pre-freeze scripts

Veeam Logoby steelnwool » Thu Aug 06, 2015 12:05 pm 1 person likes this post

Update 2b for Veeam Backup and Replication v8 fixes it. Turns out it was a non specific error for something else.
steelnwool
Enthusiast
 
Posts: 30
Liked: 1 time
Joined: Fri Sep 03, 2010 4:44 pm
Full Name: Jeff MacDonald


Return to VMware vSphere



Who is online

Users browsing this forum: calamarz and 24 guests