Because I'm not a real BSD-user...


  • Impossible Mission Players - A

    I'm trying to restart the nginx service of a jail from a non-privileged user (you know, because root).

    I should be able to do this using the following command:

    jailme $JailID su - root -c "/usr/sbin/service nginx reload"
    

    The problem is getting the $JailID variable.

    This is a number, and I can obtain it like so:

    jls -j namp -n jid | awk -F "=" '{print $2}'
    

    How do I turn this into a proper shell scripty-thing? The following is what I've come up with, but, erm, fails:

    #/bin/sh
    #expecting to run outside the jail
    
    JailID=$(jls -j namp -n jid | awk -F "=" '{print $2}')
    jailme $JailID su - root -c "/usr/sbin/service nginx reload"
    

    It fails like so:

    certupdate@storage:~ % ./reload_nginx
    Illegal variable name.
    

    What did I do wrong? I'm thinking it's something really simple, but I'm too tired to intelligently google at the moment...



  • @Tsaukpaetra I think $() is a bashism. In sh, you use backticks.

    JailID=`jls -j namp -n jid | awk -F "=" '{print $2}'`

  • Impossible Mission Players - A

    @MZH said in Because I'm not a real BSD-user...:

    you use backticks.

    I tried that first, but when I do I get this:

    /mnt/core/www/certupdate$ ./reload_nginx
    JailID=1: Command not found.
    JailID: Undefined variable.
    

    For some reason it seems to stop at the pipe?


  • BINNED

    @Tsaukpaetra said in Because I'm not a real BSD-user...:

    #/bin/sh

    #!/bin/sh

  • Impossible Mission Players - A

    @dse said in Because I'm not a real BSD-user...:

    !

    Doh !!!

    Sometimes it's the small things!

    That worked!

    Now on to the next project: automating the creation and deletion of DNS TXT records for freedns.afraid.org using curl and bash! (because that's what the sample scripts are doing and hopefully it will just take a bit of finagling).
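
Added example, not part of any post in this thread: the reload script with the corrected `#!/bin/sh` line, using POSIX `$(...)`, plus a check that the value parsed from `jls` is a plain number before it reaches `jailme` and a root command. The error strings quoted earlier ("Illegal variable name.", "Command not found.", "Undefined variable.") are csh/tcsh wording. The function names and the `JAIL_NAME` variable are assumptions; the `jls` and `jailme` command lines are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example: runs outside the jail, as in the thread.
# With "#!" present the kernel starts /bin/sh for this file, whatever the
# caller's login shell is.

# Jail name used in the thread; the variable name is an assumption.
JAIL_NAME="${JAIL_NAME:-namp}"

# Print the numeric jail ID for jail $1, or return 1 if jls yields anything else.
get_jail_id() {
    jid=$(jls -j "$1" -n jid 2>/dev/null | awk -F '=' 'NR == 1 { print $2 }')
    case "$jid" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit: refuse
    esac
    printf '%s\n' "$jid"
}

# Reload nginx inside jail $1 using the jailme command line from the thread.
reload_jail_nginx() {
    jid=$(get_jail_id "$1") || {
        echo "reload_nginx: no numeric jid for jail '$1'" >&2
        return 1
    }
    # "$jid" is quoted and known to be digits only at this point.
    jailme "$jid" su - root -c "/usr/sbin/service nginx reload"
}

# Only act when the FreeBSD tools are present, so the file is inert elsewhere.
if command -v jls >/dev/null 2>&1 && command -v jailme >/dev/null 2>&1; then
    reload_jail_nginx "$JAIL_NAME"
fi
```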


  • BINNED

    @Tsaukpaetra It is common. It is one of those things you notice immediately after you have been bitten by it.

    Here are some other examples:

    #define FUN(X,Y) X+Y
    

    It hurts to see no parentheses. Or

    if [ $var == "wtf" ]; then
        fdisk /dev/sda
    fi
    

    Yup, use [[ and ]] if your shell does not suck, otherwise prepare for when $var has space, or is just empty! Even better, write it in Python :--)


  • Impossible Mission Players - A

    @dse said in Because I'm not a real BSD-user...:

    Even better, write it in Python :--)

    Ah, but then I'd have python on me lol.

    Nah, this little venture into shell scripting is just so I don't have to update my site certificates by hand every (3?) months from LetsEncrypt, it just so happens that I don't have the patience to get all these subsystems working (that are needed by the acme clients or whatever) just so I can do that.

    Seemed to be the simplest solution that literally required no real installation (other than an entry into crontab) and just a few bits of configuration, and it doesn't need to put fingers into everything to make the validation "more transparent and seamless".



  • @dse said in Because I'm not a real BSD-user...:

    @Tsaukpaetra It is common. It is one of those things you notice immediately after you have been bitten by it.

    Here are some other examples:

    #define FUN(X,Y) X+Y
    

    It hurts to see no parentheses. Or

    if [ $var == "wtf" ]; then
        fdisk /dev/sda
    fi
    

    Yup, use [[ and ]] if your shell does not suck, otherwise prepare for when $var has space, or is just empty! Even better, write it in Python :--)

    Or put $var in quotes.


  • BINNED

    @ben_lubar said in Because I'm not a real BSD-user...:

    @dse said in Because I'm not a real BSD-user...:

    @Tsaukpaetra It is common. It is one of those things you notice immediately after you have been bitten by it.

    Here are some other examples:

    #define FUN(X,Y) X+Y
    

    It hurts to see no parentheses. Or

    if [ $var == "wtf" ]; then
        fdisk /dev/sda
    fi
    

    Yup, use [[ and ]] if your shell does not suck, otherwise prepare for when $var has space, or is just empty! Even better, write it in Python :--)

    Or put $var in quotes.

    If you are so attached to your ancient shell you might as well prepend an x .

    if [ x"$var" == x"wtf" ]; then
        fdisk /dev/sda
    fi
    

    Happy now?

    The very fact that [ is test, and both are binaries sitting in your /usr/bin is an ancient :wtf:
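
Added example, not written by any poster in this thread: the three spellings of the comparison discussed above, run against constructed values to show what `[` receives after expansion. It uses `=` rather than `==` because `=` is the operator POSIX `test` defines; the function names are assumptions, and the guarded command is replaced by printing a verdict.

```sh
#!/bin/sh
# Added example: each cmp_* function prints "match", "nomatch" or "error"
# and always returns 0, so it is safe to call under `set -e`.

verdict() {                 # map an exit status of `[` to a word
    case "$1" in
        0) echo match ;;
        1) echo nomatch ;;
        *) echo error ;;    # status >1: `[` could not parse its arguments
    esac
}

cmp_unquoted() {            # form from the thread: the value is word-split first
    st=0
    [ $1 = "wtf" ] 2>/dev/null || st=$?
    verdict "$st"
}

cmp_quoted() {              # the value stays one argument, even when empty
    st=0
    [ "$1" = "wtf" ] 2>/dev/null || st=$?
    verdict "$st"
}

cmp_xprefix() {             # the old x-prefix idiom from the thread
    st=0
    [ x"$1" = x"wtf" ] 2>/dev/null || st=$?
    verdict "$st"
}

# Constructed sample values: exact match, empty, contains a space, and one
# whose words are themselves read as test operators.
for v in 'wtf' '' 'not wtf' 'x -o wtf'; do
    printf '%-12s unquoted=%-8s quoted=%-8s xprefix=%s\n' \
        "'$v'" "$(cmp_unquoted "$v")" "$(cmp_quoted "$v")" "$(cmp_xprefix "$v")"
done
```

The last sample is the one that matters for a guard in front of a destructive command: unquoted, it expands to `[ x -o wtf = wtf ]`, which is true although the value is not `wtf`.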



  • @dse said in Because I'm not a real BSD-user...:

    The very fact that [ is test, and both are binaries sitting in your /usr/bin is an ancient

    I was like "Whoa" when I realized that for the first time. That's a strange, strange hack.



  • @Tsaukpaetra said in Because I'm not a real BSD-user...:

    Nah, this little venture into shell scripting is just so I don't have to update my site certificates by hand every (3?) months from LetsEncrypt, it just so happens that I don't have the patience to get all these subsystems working (that are needed by the acme clients or whatever) just so I can do that.

    If you configure your NGINX virtual server right, you can use certbot certonly to download certificate without restarting the service. Then all you need in crontab is certbot renew and you're good to go.


  • Impossible Mission Players - A

    @cartman82 said in Because I'm not a real BSD-user...:

    @Tsaukpaetra said in Because I'm not a real BSD-user...:

    Nah, this little venture into shell scripting is just so I don't have to update my site certificates by hand every (3?) months from LetsEncrypt, it just so happens that I don't have the patience to get all these subsystems working (that are needed by the acme clients or whatever) just so I can do that.

    If you configure your NGINX virtual server right, you can use certbot certonly to download certificate without restarting the service. Then all you need in crontab is certbot renew and you're good to go.

    Does it support the https-only method of validation? 'cuz almost all clients expect port 80 to be used (or DNS), and I totes can't do the former.

    Besides, I'm not restarting nginx, I use the reload config command.



  • @Tsaukpaetra said in Because I'm not a real BSD-user...:

    Does it support the https-only method of validation? 'cuz almost all clients expect port 80 to be used (or DNS), and I totes can't do the former.

    Nope, must be port 80. I guess you need to prove you have complete access to the port 80 pipeline on a server, you can't just hack in and open a little listener on some userland port.

    Besides, I'm not restarting nginx, I use the reload config command.

    Hmm, I think I misunderstood what you were doing. I thought you were bringing nginx down to get the new cert, like in a certbot standalone mode...


