Hi gurus,
I have a requirement where I need to remotely run a perl script as another user.
Running the script locally as the required user is fine, however I need to su with the script due to filesystem permission issues. I do not want to update permissions on the remote server due to security reasons.
I need this to monitor a database instance via nagios, so need to run the check on the remote server as an oracle related user. I've set up the sudo rules on the remote server so that everything works when the check is run as an oracle user, however the check doesn't work when run from the monitoring server.
How do I su/sudo within a perl script so that all subsequent lines are executed as a different user?
This is my script..
Quote:
use strict;
my $debug=1;
my $NAGIOS_OK = 0;
my $NAGIOS_WARNING = 1;
my $NAGIOS_CRITICAL = 2;
my $NAGIOS_UNKNOWN = 3;
my $exit_code = $NAGIOS_OK;
my $status_line = "All services online";
my $ORA_EMCTL_HOME ="";
my $EMCTL_BINARY ="";
my $name="";
my $target="";
my $state="";
my $type="";
my $cmd = sprintf("sudo /usr/bin/su - oraprod");
info "Running cmd: $cmd";
open CMD, "$cmd |" or die "Could not execute cmd: $cmd $!";
if($#ARGV == 0) {
$ORA_EMCTL_HOME=$ARGV[0];
$EMCTL_BINARY="$ORA_EMCTL_HOME/emctl";
if( !((-e $EMCTL_BINARY) && (-r $EMCTL_BINARY) && (-x $EMCTL_BINARY)) ) {
$status_line="ERROR : cannot execute $EMCTL_BINARY";
$exit_code=$NAGIOS_CRITICAL;
}
} else {
$status_line="usage : check_oracle_emctl <ORA_EMCTL_HOME PATH> \n";
$exit_code=$NAGIOS_UNKNOWN;
}
close CMD;
eval {
if($exit_code==$NAGIOS_OK) {
open(EMCTL_STATUS,$ORA_EMCTL_HOME/emctl status oms -u |) or die "cannot access or run $ORA_EMCTL_HOME/emctl_status" ;
while(<EMCTL_STATUS>){
if(/NAME=(.*?)$/) {
$name=$1;
if(<EMCTL_STATUS> =~ /TYPE=(.*?)$/) {
$type=$1;
}
else {
$status_line="PARSE : missing type for $name";
$exit_code=$NAGIOS_UNKNOWN;
last;
}
if(<EMCTL_STATUS> =~ /TARGET=(.*?)$/) {
$target=$1;
}
else {
$status_line="PARSE : missing target for $name";
$exit_code=$NAGIOS_UNKNOWN;
last;
}
if(<EMCTL_STATUS> =~ /STATE=(\w+)/) {
$state=$1;
}
else {
$status_line="PARSE : missing state for $name";
$exit_code=$NAGIOS_UNKNOWN;
last;
}
if($debug){
print "[$name], [$type], [$target], [$state]\n";
}
# TS want alarms on all offline resources, not just ones with TARGET online
#if($target eq "ONLINE"){
if($state ne "ONLINE"){
if($debug){
print "[$name] should be [$target] but is [$state]\n";
}
if($exit_code == $NAGIOS_OK) {
$status_line="OFFLINE";
$exit_code=$NAGIOS_CRITICAL;
}
# append faulted service name
$status_line="$status_line $name";
}
#}
}
}
close(EMCTL_STATUS);
}
};
if ($@) {
$status_line="ERROR: $@";
$exit_code=$NAGIOS_CRITICAL;
}
print "$status_line\n";
exit $exit_code;
what am I doing wrong? How can I execute the entire script as another user on a remote host?