[CLOSED] CMRUN Command
Member
posted
The CMRUN is exposing the actual user id and password arguments in a ps -ef listing even if the calling script is using variables that are being read from a protected file. Has anyone been able to properly secure the password from being viewed in a process listing when CMRUN is run on Linux/UNIX systems?

This message has been edited. Last edited by: Tamra,
 
Posts: 3 | Registered: May 26, 2015
Expert
posted
You can use -SET &ECHO=OFF, and set MSG=OFF and SET EMGSRV=OFF, to lock down the WebFOCUS part.


Waz...

Prod: WebFOCUS 7.6.10/8.1.04 | Upgrade: WebFOCUS 8.2.05 | OS: Linux | Outputs: HTML, PDF, Excel, PPT
In Focus since 1984
Know The Code

 
Posts: 6028 | Location: Land of the Darug people, Terra Australis Incognita | Registered: October 31, 2006
Member
posted
Thanks for the quick response Waz! Your suggestion was attempted by placing them in the profile for the account running the command and it didn't work on our end. Where specifically do you place the suggested options? BTW - running SuSe Linux 11 and using version 8.0.08 Data Migrator server.
 
Posts: 3 | Registered: May 26, 2015
Expert
posted
I would put it in the fex with the CMRUN command.

If you have a generic fex that is included everywhere, then put it in there.

All depends on what you want to lock down.


Waz...

Prod: WebFOCUS 7.6.10/8.1.04 | Upgrade: WebFOCUS 8.2.05 | OS: Linux | Outputs: HTML, PDF, Excel, PPT
In Focus since 1984
Know The Code

 
Posts: 6028 | Location: Land of the Darug people, Terra Australis Incognita | Registered: October 31, 2006
Guru
posted
Note that CMRUN is a program compiled for each platform and can be run from the command line, or from a shell script or bat file. There's no need to call it from a focexec. So I don't quite follow Waz's comments.

It would be helpful to include an example of your script. It took me a bit to figure out what you are doing. If you don't wait for the flow to complete you won't see cmrun in the process listing. So I'm guessing you did something like this:
  
$ export EDAHOME=/ibi/srv77/home
$ export LD_LIBRARY_PATH=$EDAHOME/bin
$ $EDAHOME/bin/cmrun.out s=lnxx64r5, u=edachk, p=password, r=flow01, w=1 & ps -ef | grep cmrun

 Run (    1) Connecting to 'lnxx64r5' as 'edachk'
edachk    6927 13181  0 13:19 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out s=lnxx64r5, u=edachk, p=password, r=flow01, w=1
edachk    6929 13181  0 13:19 pts/57   00:00:00 grep cmrun
/prog/edachk$  Run (    2) DM Manager Server: Version 7, Release 7
(ICM18016) Request  /flow01  submitted. Please, wait for request to complete.
(ICM18762) Job ID: 20160120131921_fbc75b8e
(ICM18763) Request  /flow01 complete

It does indeed show the command line with the password. However in the current production Release 7.7.07 (aka 8.1) you store the password in an external file which can be protected and refer to the file containing the password instead of the password. For example using a file in the current directory called "credentials" that contains the password:

 $ $EDAHOME/bin/cmrun.out  u=edachk, s=lnxx64r5, x=credentials, r=flow01, w=1 & ps -ef | grep cmrun
[1]     9131
edachk    9131 13181  0 13:55 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out u=edachk, s=lnxx64r5, x=credentials, r=flow01, w=1
edachk    9133 13181  0 13:55 pts/57   00:00:00 grep cmrun

 Run (    1) Connecting to 'lnxx64r5' as 'edachk'
/prog/edachk$  Run (    2) DM Manager Server: Version 7, Release 7
 (ICM18016) Request  /flow01  submitted. Please, wait for request to complete.
 (ICM18762) Job ID: 20160120135528_97b5fce0
 (ICM18763) Request  /flow01 complete

I see that you are using WF Release 8.0 which is equivalent to DataMigrator Release 7.7.05 first available in January 2013. So that you can use this new functionality please upgrade to the current production Release 7.7.06 or 8.1.

This message has been edited. Last edited by: Clif,
 
Posts: 374 | Location: New York City | Registered: May 03, 2007
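
An added example, not part of the thread or of the vendor's tooling: a shell audit that flags cmrun processes still passing an inline p= password in a ps -ef listing, plus a check that the file named by x= is readable only by its owner. The function names are hypothetical, the column layout is assumed to match the ps -ef output quoted above, and the sample lines are copied from the thread's listings.

```shell
#!/bin/sh
# Audit helpers for cmrun credential exposure (added example).

# Reads `ps -ef`-style lines on stdin. Prints "PID USER" for each cmrun
# process whose arguments contain an inline p=<password> value.
# Exit status: 1 if at least one exposed process was found, else 0.
find_exposed_cmrun() {
    awk '
        $8 ~ /cmrun/ {                      # field 8 is the command path
            for (i = 9; i <= NF; i++) {     # fields 9.. are its arguments
                if ($i ~ /^p=/) { print $2, $1; found = 1; break }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Succeeds only if "$1" is a regular file with no group or other access
# bits set (for example mode 600 or 400). Symlinks are rejected.
cred_file_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)       # group + other permission bits
    [ "$perms" = "------" ]
}

# Sample input: the ps -ef lines shown in the thread above.
sample_listing() {
    cat <<'EOF'
edachk    6927 13181  0 13:19 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out s=lnxx64r5, u=edachk, p=password, r=flow01, w=1
edachk    6929 13181  0 13:19 pts/57   00:00:00 grep cmrun
edachk    9131 13181  0 13:55 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out u=edachk, s=lnxx64r5, x=credentials, r=flow01, w=1
EOF
}

# Live use (not run here):
#   ps -ef | find_exposed_cmrun || echo "cmrun password visible in ps"
#   cred_file_is_private ./credentials || echo "tighten credentials file mode"
```

On the sample, only PID 6927 (the p=password invocation) is reported; the x=credentials invocation and the grep line are not.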
Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.