Where Angels Fear
3 min read · Jun 1, 2023

Skiddie

I’ve been doing a lot of bash scripting recently — hosting a thousand server farms, each hosting (itself) up to ten thousand domains containing ten thousand hosts each, with up to ten thousand users per host means abstracting more and more as I work out the automation of administrative processes.

So, I’ve been doing a lot of scripting ¹.

So much so, that I spent several hours yesterday trying to debug a series of scripts that source others and pass parameters between them (it’s hideously complex), because, whilst the end result was correct, some of the intermediate results were real headscratchers and I couldn’t, for the life of me, figure out how they were getting it right at the end whilst getting it so wrong along the way — and the last thing I need is intermediate results that might throw a spanner in the works at a later stage.

So … whilst engrossed in a particular aspect for some eight hours, I completely missed the fact that I’d already solved the original problem some five hours previously — I’d been working on two different approaches in parallel without even realising *sigh*

There has, consequently, been an awful lot of putting in echo statements to let me know which script is the active one at any time, what the parameter values are going in, what they get changed to and what the particular script returns to its parent (or passes on to a child process).

I ran one of the ones I’d roughed out previously — pseudocode … basically (the aforementioned “In script <name of script>, located in <location of script>, the variable <variable name> has a value of <value> and the script is now performing <some action>” just without it actually performing said action) … to give me the flow of the logic.

And … erm …

The output from my top level admin authority evaluation script

… the one that determines what (if any) targets a user should be offered (the server farm itself, an entire organisation, a domain within an organisation, or a host within a domain), upon which to perform various operations …

when I ran it, was as follows:

When run by root:

root is a host admin
root is not in group $group (1)
root is not in group $group (2)
root is not in group $group (3)

When run by a host admin:

$user is in $group (1) and is a host admin
$user is not in group $group (2)
$user is not in group $group (3)

When run by a domain admin:

$user is in $group (1) and is a host admin
$user is in $group (2) and is a domain admin
$user is not in group $group (3)

When run by an org admin:

$user is in $group (1) and is a host admin
$user is in $group (2) and is a domain admin
$user is in $group (3) and is a org admin
You LUCKY bastard

I should probably edit that last debugging remark out of the script before I overlook it again and it gets inadvertently compiled into the binary afterwards 😂🤣😂
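
The tiered check and the flow tracing described above, as an added example that is not the author's script: the group names and function names are assumptions. Trace lines go to stderr, and only when TRACE=1, so a forgotten debugging remark never ends up in the output a parent script reads.

```shell
#!/bin/sh
# Added example, not the author's script. Group names below are hypothetical.
HOST_GROUP=hostadmins
DOMAIN_GROUP=domainadmins
ORG_GROUP=orgadmins

# trace MESSAGE...: flow-tracing line in the format described in the post.
# Written to stderr, and only when TRACE=1, so leftover debug remarks cannot
# leak into the stdout that a parent script parses.
trace() {
    [ "${TRACE:-0}" = 1 ] || return 0
    printf 'In script %s, located in %s: %s\n' \
        "$(basename -- "$0")" "$(dirname -- "$0")" "$*" >&2
}

# in_group GROUP "SPACE SEPARATED LIST": whole-word match, so "hostadmins"
# does not match a group named "nothostadmins".
in_group() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# admin_tier USER "GROUP LIST": print the highest tier held: org, domain,
# host or none. The body runs in a subshell so its variables stay local.
admin_tier() (
    user=$1 memberships=$2 tier=none
    # root is in none of the groups but is still reported as a host admin,
    # matching the output shown in the post.
    if [ "$user" = root ]; then tier=host; fi
    for pair in "host:$HOST_GROUP" "domain:$DOMAIN_GROUP" "org:$ORG_GROUP"; do
        name=${pair%%:*} group=${pair#*:}
        if in_group "$group" "$memberships"; then
            trace "$user is in $group and is a $name admin"
            tier=$name
        else
            trace "$user is not in group $group"
        fi
    done
    printf '%s\n' "$tier"
)

# Live use would be: admin_tier "$USER" "$(id -Gn "$USER")"
# Constructed sample data instead, so this runs offline:
admin_tier root "root wheel"
admin_tier alice "users hostadmins domainadmins"
```

Run it with `TRACE=1` to see the per-group trace on stderr while stdout still carries only the tier.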

___
¹ It’s all well and good using tools/solutions to achieve this, but that relies upon a particular tool/solution being available a) at all ², b) for the lifetime of the solution that depends upon it and, furthermore, available across all platforms … whereas scripts converted to binaries with something like shc are both universal and have no dependencies that might become unavailable later (which is why I don’t use autofs, for instance, but a script requiring no more than core OS features).

² Not all such are viable in all situations — sometimes certain options aren’t for various reasons ³.

³ Military institutions, for just one example, are very picky about what they allow.

⁴ You always miss something you later regret doing.

Written by Where Angels Fear