I’m attempting to push an app to some CentOS machines using a shell command.
The command pulls an install script from our application’s tenant and runs it. For whatever reason the permissions for the folder containing the config file for the application are not being set properly and the process is failing to start. Adding additional commands to fix the permissions is seemingly not working.
I’ve pushed it to some Ubuntu machines and those work without issue. If the install command is run on the CentOS machine locally then there is no issue with permissions and the application works just fine.
I think you’ll need to give some more details than that. What directory is being created? What are the actual permissions and the expected permissions? What does the ActionScript look like?
It’s to deploy Humio LogScale Collector. I have the script type set to sh rather than Action Script.
The command looks like this.
curl https://<tenant>.crowdstrike.com/api/install-collector.sh -d "<token>" | sudo bash
The folder and file that permissions aren’t being set correctly for are /etc/logscale-collector and /etc/logscale-collector/config.yaml
I modified the script to confirm if the folder exists and that the process is not running before setting the permissions and starting the process.
curl https://<tenant>.crowdstrike.com/api/install-collector.sh -d "<token>" | sudo bash
wait
if test -d /etc/logscale-collector; then
    if pgrep -x "logscale-collec" > /dev/null; then
        exit
    else
        sudo chmod 750 /etc/logscale-collector
        sudo chmod 640 /etc/logscale-collector/config.yaml
        sudo systemctl start logscale-collector
    fi
fi
Ok, that helps a lot.
A couple of things to note - With the BigFix ‘sh’ type, it should be launching /bin/sh to run the script. On Ubuntu I believe that /bin/sh is linked to ‘dash’ rather than ‘bash’ and has fewer built-in shell commands than ‘bash’.
Which shell CentOS uses may, I think, depend on the CentOS version. If it’s bash, I think when invoked with /bin/sh it behaves in POSIX mode. I’m not sure whether the shell builtin ‘wait’ that you’re using to wait for the install-collector.sh to finish actually works in that shell. It may be that the test on the directories is occurring before the installer has finished. You might try that manually, running as root, to test the behavior of ‘wait’ and the CentOS /bin/sh shell.
Invoke /bin/sh explicitly so you ensure you get the same behavior that our BESClient will see. Even though it might be a symlink to /bin/bash, when we execute it using the /bin/sh symlink the shell can behave differently.
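One way to make the sequence discussed in this thread checkable, as an added example that is not from any poster or from the vendor: a POSIX sh script that downloads the installer to a file, runs it in the foreground with its exit status checked, then sets and verifies the two modes from the thread, logging the before and after values. The function names and the COLLECTOR_URL / COLLECTOR_TOKEN environment variables are hypothetical, and the script assumes it already runs as root with GNU stat available.

```sh
#!/bin/sh
# Added example (not from the thread). POSIX sh only, so it behaves the same
# under dash and under bash invoked through the /bin/sh symlink.

# Print the octal mode of a path (GNU stat, as shipped on CentOS and Ubuntu).
mode_of() {
    stat -c '%a' "$1"
}

# Set path $1 to mode $2, log before/after, and fail if it did not take effect.
ensure_mode() {
    p=$1
    want=$2
    [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
    before=$(mode_of "$p")
    chmod "$want" "$p" || return 1
    after=$(mode_of "$p")
    echo "$p: mode $before -> $after (want $want)"
    [ "$after" = "$want" ]
}

# Download first, then run: each step's exit status is checked on its own,
# and a truncated download is never executed.
deploy() {
    url=$1
    token=$2
    confdir=${3:-/etc/logscale-collector}
    tmp=$(mktemp) || return 1
    curl -fsS "$url" -d "$token" -o "$tmp" || { rm -f "$tmp"; return 2; }
    bash "$tmp"; rc=$?      # foreground: the shell blocks here until it exits
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || { echo "installer exit $rc" >&2; return 3; }
    ensure_mode "$confdir" 750 || return 4
    ensure_mode "$confdir/config.yaml" 640 || return 4
    # Same process check as in the thread; start only if not already running.
    pgrep -x logscale-collec >/dev/null || systemctl start logscale-collector
}

# Hypothetical env vars standing in for the <tenant> URL and <token> placeholders.
if [ -n "${COLLECTOR_URL:-}" ]; then
    deploy "$COLLECTOR_URL" "${COLLECTOR_TOKEN:-}"
fi
```

The distinct return codes from `deploy` (2 download, 3 installer, 4 permissions) show in the deployment log which step failed on the CentOS hosts.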