Exit code = 1 when I try to execute a shell script that works manually

AQuebman 2023-11-14 18:07:22 UTC #1

My script is below and no matter what I try my attempt to run the script with a wait /bin/sh -c /tmp/Armor.sh is causing an exit code of 1. The file I confirmed is created, ive tried to lower its ownership still same issue and ive also run it manually and didn’t have any errors. What could possibly be wrong? if my credentials to login to the databases were wrong id expect a failure when run manually. Any help would be greatly appreciated.

if {(name of operating system as lowercase contains "linux")}
delete __createfile
delete /tmp/Armor.sh


createfile until _end_
#!/bin/sh
db1User=$(Calling a decrypt shell to pull the username from a property file on the computer and store it in a variable )
db2User=$( Calling a decrypt shell to pull the username from a property file on the computer and store it in a variable )

db1Pass=$( Calling a decrypt shell to pull the Password from a property file on the computer and store it in a variable )
db2Pass=$( Calling a decrypt shell to pull the Password from a property file on the computer and store it in a variable)


mysql -u $db1User -p${{db1Pass} database1 -e "Update sql being run on first database"
mysql -u $db2User -p${{db2Pass} database2 -e "Update sql being run on second database"
_end_

move __createfile /tmp/Armor.sh
wait chmod 755 /tmp/Armor.sh
wait /bin/sh -c /tmp/Armor.sh
parameter "__ExitCode" = "{exit code of action}"
if {parameter "__ExitCode" != "0"}
    exit {parameter "__ExitCode"}
endif
delete /tmp/Armor.sh

JasonWalker 2023-11-14 18:45:30 UTC #2

Because the shell spawned by BESClient is not a login shell, by default, it does not source your account’s environment variables (like $PATH). Likely ‘mysql’ is not in the shell’s PATH.

See Linux script fails. for launching /bin/sh --login and saving the output and error messages to a file.

atlauren 2023-11-14 19:12:46 UTC #3

Shell execution context can be tricky. Sitting here now, (mumbly) decades into an IT career, I still don’t full understand why different things work in different situations.

If your very basic script is +x executable, the most basic thing probably works.

run /path/to/script.sh

If you want to not bother with the +x bit, you can use the shell command and reference the script as parameter.

run /bin/sh /path/to/script.sh

If you want pause fixlet processing until the script is done, you need to tell both BigFix and the shell to do that.

wait /bin/sh -c /path/to/script.sh

If you also need the script to run as though it were within a user login session, because reasons(?)

wait /bin/sh -c -l /path/to/script.sh

If you’re down this far, and your script is sufficiently complex, you might find that results are weird in unexpected ways. This might be because your system’s /bin/sh in in fact not sh, but in fact a copy or symlink to /bin/bash. This gets really fun, because bash has hard-coded behaviors which emulate sh when the binary is invoked with the name sh. From the man page:

If bash is invoked with the name sh, it tries to mimic the startup behavior of historical versions of sh as closely as possible, while conforming to the POSIX standard as well.

For this reason, it might be worthwhile to deliberately invoke bash and simplify your life:

wait /bin/bash -c -l /path/to/script.sh

Sometimes, because reasons(?), even though the BESAgent runs as root and you’re invoking the shell as above, better success happens if you punt and let sudo do it. (Why? I have no freaking idea.)

wait sudo -l /path/to/script.sh

AQuebman 2023-11-14 19:37:27 UTC #4

Thank you both for your info. It looks like my issue may be with the decryption of the password and usernames which is another issue you both likely can’t help me with. Still investigating. Ill report back if I hit another wall I think you can help with.