[cs615asa] hw5 Question

Rozy Gupta rgupta11 at stevens.edu
Sun Apr 7 21:46:12 EDT 2019


Also, while creating the instance do I need to specify the key name?

Best,
Rozy

-----Original Message-----
From: cs615asa-bounces at lists.stevens.edu <cs615asa-bounces at lists.stevens.edu> On Behalf Of Rozy Gupta
Sent: Sunday, April 7, 2019 9:41 PM
To: CS615 - Aspects of System Administration <cs615asa at lists.stevens.edu>
Subject: Re: [cs615asa] hw5 Question

If we do not create a file system then, how do we cross-check if the data is backed up or not?

Best,
Rozy

-----Original Message-----
From: cs615asa-bounces at lists.stevens.edu <cs615asa-bounces at lists.stevens.edu> On Behalf Of Jan Schaumann
Sent: Friday, April 5, 2019 12:37 PM
To: cs615asa at lists.stevens.edu
Subject: Re: [cs615asa] hw5 Question

Justin Barish <jbarish at stevens.edu> wrote:
 
> However, from trying this, I cannot get this to work, in that sh will 
> not expand the tilde, so I get:

Ah, yes, you discovered the fun world of tilde expansion!

See the sh(1) manual page and search for "Tilde Expansion".

The easiest solution might be to simply not allow the variable to be set in this way, but that would be very confusing to the user.

Users are used to being able to run this command:

ssh -i ~/.ssh/ec2-key hostname

so they would expect that setting EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-key" should work.  Let's see how the expansion works in shell scripts.  Fetch this script and run it:
http://stevens.netmeister.org/615/tilde.sh

The output should look somewhat like this:

A quoted ~ is not going to get expanded:
Setting 'SSH_KEY1="~/.ssh/ec2-key"' yields:
SSH_KEY1=~/.ssh/ec2-key

An unquoted ~ is going to get expanded:
Setting 'SSH_KEY1=~/.ssh/ec2-key' yields:
SSH_KEY2=/Users/jans/.ssh/ec2-key

Ok, so how about an unquoted ~ arg in a multi-arg string?
Setting 'EC2_BACKUP_FLAGS_SSH=-i ~/.ssh/ec2-key' will yield an error.
So we _have_ to quote it:
I.e., we set 'EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-key"':
EC2_BACKUP_FLAGS_SSH=-i ~/.ssh/ec2-key

But how do we get '~' to expand now?

One way might be to explicitly eval the variable:
EXPANDED_VARIABLE=$(eval echo "${EC2_BACKUP_FLAGS_SSH}")

This then yields:
echo "EXPANDED_VARIABLE=${EXPANDED_VARIABLE}"
EXPANDED_VARIABLE=-i /Users/jans/.ssh/ec2-key

Ok, so that works, but that means we're evaluating user input unchecked.
Suppose the user sets EC2_BACKUP_FLAGS_SSH="whatever; rm -fr /"...

Let's illustrate with a less harmful version:
EC2_BACKUP_FLAGS_SSH="whatever; touch /tmp/newfile"
EXPANDED_VARIABLE=$(eval echo "${EC2_BACKUP_FLAGS_SSH}")

This then yields:
echo "EXPANDED_VARIABLE=${EXPANDED_VARIABLE}"
EXPANDED_VARIABLE=whatever

And now...
ls -l /tmp/newfile
-rw-------  1 jans  staff  0 Apr  5 12:30 /tmp/newfile

Ok, let's remove that file again.
rm -f /tmp/newfile

This is a classical example of command-injection via environment variables.
For this reason, you must not trust the environment!

Hmm, so how do we expand ~ then?

We can manually translate it, since we now have the user's HOME directory in the environment:
echo ${HOME}
/Users/jans

So let's try that:
EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-key"
EC2_BACKUP_FLAGS_SSH="$(echo "${EC2_BACKUP_FLAGS_SSH}" | sed -e "s|~|${HOME}|g")"
Now let's see if this expanded correctly:
echo ${EC2_BACKUP_FLAGS_SSH}
-i /Users/jans/.ssh/ec2-key

---

So I'd probably suggest this approach.  Note that (a) you need to quote the args to sed(1) to ensure expansion of the HOME and (b) you can't use '/' as the separator in the sed substitution, as '/' are the path separators in the expanded HOME variable.

I hope this didn't make things too confusing, but if nothing else, it serves as a good example of how something as seemingly trivial as tilde expansion may require a somewhat deeper understanding of how the shell works to get it right.

-Jan
_______________________________________________
cs615asa mailing list
cs615asa at lists.stevens.edu
https://lists.stevens.edu/mailman/listinfo/cs615asa
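
An added example, not part of the original message or of the tilde.sh script it links to: one way to do the manual translation described above using only parameter expansion, so no user-supplied text is ever evaluated. It goes slightly beyond the sed substitution by expanding only a leading "~" or "~/" in each word; the function name expand_tilde and the sample strings are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: expand a leading "~" in each word of a flags string
# without eval and without sed. The function name is hypothetical.

# expand_tilde STRING
# Prints STRING with each whitespace-separated word that is exactly "~"
# or starts with "~/" rewritten to use $HOME. Everything else, including
# shell metacharacters such as ";", is copied through as plain text.
# "~user" forms are left untouched.
expand_tilde() (
    # The body runs in a subshell, so "set -f" does not leak to the caller.
    set -f                      # no pathname expansion while splitting $1
    out=""
    for word in $1; do
        case "${word}" in
            "~")   word=${HOME} ;;
            "~/"*) word=${HOME}/${word#??} ;;   # drop the leading "~/"
        esac
        out="${out:+${out} }${word}"
    done
    printf '%s\n' "${out}"
)

# Constructed sample inputs, in the style of the message above.
for sample in \
    '-i ~/.ssh/ec2-key' \
    '-i ~/keys/ec2-key~old' \
    'whatever; touch /tmp/newfile'
do
    printf '%-32s -> %s\n' "${sample}" "$(expand_tilde "${sample}")"
done
```

Because the value is only split and copied, a "~" in the middle of a word stays as it is, and characters in HOME that are special to sed (such as "&" or the "|" separator) cannot alter the result.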