Running shell scripts from actions

I’ve got an action problem that’s got me at my wit’s end. I have a list of some 4,000 accounts that need to be removed from many Linux servers being monitored by BigFix. It is a CSV file with each line in the form

servername,username

I have added this file to an action script using the createfile construct, and I write this to the servers, and then create a shell script to grep the file to pull the accounts for that server into another data file, and then run a perl script to parse that data file to remove the accounts. The code after creating and running the files is below.

EOFEOF

delete /tmp/AcctList.txt
copy __createfile /tmp/AcctList.txt
pause while {number of lines starting with "<END>" of file "/tmp/AcctList.txt" = 0}

// Account Name Check
delete __createfile
createfile until end
grep --ignore-case "{computer name}," "/tmp/AcctList.txt" >"/tmp/Accts2Del.txt"
echo "DONE1" > "/tmp/Done1.txt"
end

delete /tmp/FindAcct.sh
copy __createfile /tmp/FindAcct.sh
wait chmod 777 "/tmp/FindAcct.sh"
wait su -c '/tmp/FindAcct.sh'

pause while {not exists file "/tmp/Done1.txt"}

delete __createfile
createfile until EOFEOF
#!/usr/bin/perl
open DELUS, "<", "/tmp/Accts2Del.txt";
open DELLOG, ">>", "/tmp/DelLog.txt";
while (<DELUS>)
        {
        my $thisuser = $_;
        chomp $thisuser;
        $thisuser =~ s/{computer name},//g;
        system ("userdel -r $thisuser");
        print DELLOG "Deleted user $thisuser\n";
        }
close DELUS;
close DELLOG;
open DONE, ">", "/tmp/Done2.txt";
print DONE "DONE";
close DONE;

EOFEOF

delete "/tmp/Done.txt";
delete "/tmp/Accts2Del.txt"
delete "/tmp/RemUsers.pl"
copy __createfile "/tmp/RemUsers.pl"
wait chmod 777 "/tmp/RemUsers.pl"
wait  su -c '/tmp/RemUsers.pl'

pause while {not exists file "/tmp/Done2.txt"}

delete /tmp/RemUsers.pl
delete /tmp/FindAcct.sh
delete /tmp/Accts2Del.txt
delete /tmp/AcctList.txt

Now, the problem is, when I run the FindAcct.sh script, nothing is written to the Accts2Del.txt file, but the Done1.txt file is created, showing that the script did actually run. When I run the script from the server command, my test users do show up properly.

We are currently running BigFix version 9.2.3.68. Has this been fixed in a later version of the system? If not, how can I get this to run properly?

Thanks for your time and input on fixing this.

1 Like

Shell scripts can be run from actions - so I don’t think there’s anything broken with BigFix.

Sometimes it can be the environment; see this post for discussion.

You can also execute scripts by invoking the shell and passing the script as an argument; if you do this, you can drop the chmod 777 statements.

/bin/bash /path/to/script.sh

Also watch out for /tmp being set up as non-executable.

The running of the script seems like it doesn’t need the “pause” line, as the “wait” should wait until the script completes, but perhaps you are doing that just for debugging? It also is a potential “hang” location where it will sit forever if the script doesn’t produce the /tmp/Done* file.

As to the Accts2Del.txt, are you sure the “computer name” relevance string matches the AcctList.txt file source? Sometimes computer name returns a fully qualified name on UNIX, sometimes it doesn’t (depends on the config files), so it might be that issue.

1 Like

I believe I have it fixed - I moved the script creation before the 4,000 line list creation, and that gave the systems a chance to update rights and so forth on the system before they were to run. I was testing using some users I would create on a couple of test servers, and these test accounts were removed properly after the script ran. I also made modifications to the first shell script to ignore the computer name’s case in the grep statement, and changed the method that I used to pull the user name from the Accts2Del.txt by changing the line into a two element array and using item [1].

Thanks for everyone’s input. It’s great to have a community of users so much better versed in the BigFix app than this relative newbie.

1 Like
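The host-name matching and field-splitting points raised in the posts above, as an added example that is not code from any participant in this thread: it selects the entries for one host from the `servername,username` list and validates each name before it can reach `userdel`. The `LOG` path, the `APPLY` switch, the username pattern and the assumption that short host names are unique are all choices made for this example.

```shell
#!/bin/sh
# Added example, not the thread's script. Input format from the page:
# servername,username per line. LOG path and username pattern are assumptions.
LOG=${LOG:-/var/log/acct-removal.log}

# Usernames listed for this host. Compares short host names exactly and
# case-insensitively, so it works whether the agent reports "web1" or
# "web1.example.com", and "web1" never matches "devweb1" or "web10" the way
# an unanchored grep for "web1," would. Assumes short host names are unique.
accounts_for_host() {
    awk -F, -v h="$2" '
        BEGIN { h = tolower(h); sub(/\..*/, "", h) }
        {
            sub(/\r$/, "")                     # tolerate CRLF exports
            n = tolower($1); sub(/\..*/, "", n)
            if (NF == 2 && n == h) print $2
        }' "$1"
}

# Accept only plain account names; anything with whitespace, shell
# metacharacters or a leading dash never reaches userdel.
valid_username() {
    printf '%s\n' "$1" | grep -Eqx '[a-z_][a-z0-9_-]{0,31}'
}

# One "DELETE name" or "REJECT name" line per entry for this host.
plan_removals() {
    accounts_for_host "$1" "$2" | while IFS= read -r user; do
        if valid_username "$user"; then
            printf 'DELETE %s\n' "$user"
        else
            printf 'REJECT %s\n' "$user"
        fi
    done
}

# Dry run unless APPLY=1. The name is passed to userdel as one argument,
# and every outcome, including userdel's own errors, goes to the log.
remove_accounts() {
    plan_removals "$1" "$2" | while read -r verdict user; do
        if [ "$verdict" = DELETE ]; then
            if [ "${APPLY:-0}" != 1 ]; then verdict=DRYRUN
            elif ! userdel -r "$user" >>"$LOG" 2>&1; then verdict=FAILED
            fi
        fi
        printf '%s %s\n' "$verdict" "$user" >>"$LOG"
    done
}

if [ "$#" -eq 2 ]; then remove_accounts "$1" "$2"; fi
```

Run it with the list path and the host name as the two arguments; without `APPLY=1` it only records what it would do.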

My favorite question: “what do the logs say?”. If the client logs are not giving you what you want, make your own. I’ve also seen some funny business with running scripts and commands with output failing. Below is how I log and get around standard output issues.

wait /bin/bash -c "su - admusr -c /path/to/script.sh >> /tmp/actionLog.txt 2>&1"

That way you get any errors your script may be getting from standard output and error.

Know you figured it out, but thought I would add this to the mix. :sunglasses:

2 Likes