remotesystem

Introduced in Privilege Management for Unix and Linux 7.1, remotesystem() is used to run commands on a host other than the policy server host (any Privilege Management for Unix and Linux runhost) as part of the policy. This can be called as a procedure (command output is shown on pbrun's terminal) or as a function (command output is captured into a policy variable). This is similar to the system() function/procedure, however the command is run on a different host. The Privilege Management for Unix and Linux variable status is set to the return code of the command upon exit. Input to the command comes from the user's keyboard or from the inputstring argument if it is present. Output goes to the user's screen or to the result string variable, if present.

If the specified host is the same as the submithost, the requesting program (pbrun, pbksh, pbsh) executes the command. If the specified host is not the submithost, pblocald is used to execute the command.

This is primarily intended to be used as a function, without interactive keyboard or screen I/O. Limited I/O is allowed, however programs such as vi are not supported.

This policy function requires Privilege Management for Unix and Linux 7.1 clients (pbrun, pbsh, pbksh, pbssh, pblocald).

Do not use remotesystem() as a procedure (without the result variable) in a policy that is processing pbguid requests.

[result =] remotesystem( hostname, user, environment, timeout, cwd, "command and arguments" [,inputstring]);
hostname Required. The host on which to run the command. This can be short name, FQDN, or IP address.
user Required. The user to execute the command as.
environment Required. A list specifying the environment variables to execute the command with.
timeout Required. The maximum time in seconds that the remote command is allowed to take. A timeout of zero indicates no timeout.
cwd Required. Directory from which to execute the command.
command Required. The command (possibly including path) and arguments to run.
inputstring Optional. Command input, formatted into a single character string

If the result variable is specified, remotesystem() acts as a function returning the output of the command. If the result variable is not specified, the output from the command that is executed by the remotesystem() procedure appear on stderr of the requesting program (pbrun, pbsh, pbksh, pbssh).

The Privilege Management for Unix and Linux variable status is set to the return code. In general, a return code of 0 means the command completed successfully. For a description of non-zero return codes, see the documentation for the command that is being run. A status of -15 indicates a timeout.

processlist = remotesystem( submithost, "root", {"PATH=/bin","TMPDIR=/tmp/"}, 20, "/tmp", "ps -ef", "" );

In this example, the processlist variable is assigned the output from the ps command executed on the submithost. Note that the optional input argument is a set of empty quotes, meaning that the command is not given any input.

processlist = remotesystem( submithost, "root", {"PATH=/bin","TMPDIR=/tmp/"}, 20, "/tmp", "bash -c 'ps -ef | grep ^" +user+"'");

In this example, again, the processlist variable is assigned the output from the ps command executed on the submithost. Note that the optional input argument is not provided, meaning that the submituser's keyboard is connected through to the command. Note that bash -c is used to allow for a shell to process the multiple commands (ps and grep).

For more information, please see the following: