I want to create a symlink, or a pipe, or something else that could be used in lieu of a file. I want that pseudo-file to execute a command, and the output of that command should become the contents of that file.

Something like this (not actual command):

ln -s `ssh x@y cat /etc/z.conf` /etc/z.conf

Basically, so that when you cat /etc/z.conf, it would run ssh x@y cat /etc/z.conf and connect the stdout pipe to the file handle. I would imagine, it's possible to do in a c program, but I was wondering if this could be done using command line tools only.

NOTE: I am NOT looking for a way to alias a command. I want this to look like a file, such as for example: when I run a service which reads /etc/z.conf, it would read the contents of this file transparently to itself. Also: simply copying the file is not an acceptable solution.

galets
  • "I would imagine, it's possible to do in a c program" -- Yikes! Ouch! I hope it's not possible to do this by any means. Reading a file should not cause or allow that file to execute anything. That would be a disaster, security wise, because it means you could not even examine a file without it potentially doing nasty things. Think of the email shenanigans, etc. "Whoops, bad spam just deleted my home directory again..." – goldilocks Mar 25 '15 at 19:22
  • Not sure there would be a security issue as long as the commands were executed with the same privileges as the user doing the reading/writing. The email example would already require they be able to run arbitrary commands (in order to insert malicious code) at which point using this mechanism would just be an added step for no purpose. – Bratchley Mar 25 '15 at 19:36
  • @goldilocks this clearly is possible, for example in a FUSE-mounted file system. And I'm of course not talking about configuring such links via email, of course I'm talking about configuring such links with root access and giving them proper access rights. I was just looking if there is an easier way than writing a FUSE driver to implement it. – galets Mar 25 '15 at 19:37
  • What's the goal here though? Just to generate config files using dynamic data? If so then usually you use puppet (or similar) to periodically regenerate the config files. – Bratchley Mar 25 '15 at 19:38
  • @Bratchley as I said, simply copying the file is not an acceptable solution. The file in question contains some boot-related information. One solution could be to link to it via an NFS-mounted share, but I was hoping I could do without NFS. – galets Mar 25 '15 at 19:47
  • "Copying" isn't really what puppet does but it might be helpful if you explain why it isn't an acceptable solution. Also, if this file includes boot information, pulling data from SSH seems like a bad idea since it makes the network a hard dependency to boot to anything except emergency mode. If networking goes down then this information is just completely inaccessible. That doesn't seem like a desirable outcome. – Bratchley Mar 25 '15 at 19:50
  • @Bratchley If just reading a file made it impossible to prevent the execution of arbitrary code contained in that file, there is a very serious problem. You can't even check the file for malicious code to begin with. "Oh, rm -rf ~/* again, nice..." But I see the point that not every file has to have this possibility automatically enabled. – goldilocks Mar 25 '15 at 19:53
  • @goldilocks If it were stored in extended attributes or something like that, you could check those first to make sure it was a regular file. Similar to how virus scanners currently skip over unix domain sockets and named pipes. Either way, this is more of an academic discussion since this doesn't seem like a desirable way to do this. I think the OP is just looking for some sort of configuration file management solution. – Bratchley Mar 25 '15 at 19:56
  • You can do something similar with sshfs – Mikel Mar 25 '15 at 20:06

1 Answer

I found a solution:

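#!/bin/bash

# Create the named pipe that services will read as /etc/z.conf
mkfifo /etc/z.conf

(
    while true
    do
        # Opening the FIFO for writing blocks until a reader opens it,
        # so ssh runs once per read of /etc/z.conf
        ssh x@y cat /etc/z.conf > /etc/z.conf
    done
) &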
galets
  • That doesn't do what I think you think it does. – Bratchley Mar 25 '15 at 20:00
  • How would you have phrased the question then, if you were me? – galets Mar 25 '15 at 20:00
  • Also, what's the point of a fifo here? At this point you're just manually copying down (something you said was unacceptable) and syncing a local file to it. – Bratchley Mar 25 '15 at 20:01
  • I think the point here is that each successive read on the pipe will cause the ssh command to run. – goldilocks Mar 25 '15 at 20:02
  • Well I was more talking about your posted solution. First off, I'd insert a sleep or something in there so that your CPU wasn't constantly pegged by SSH constantly copying down a new version. Have it sleep for a minute and then do it again. I'd get rid of the fifo, since that doesn't add anything to the equation and just complicates the process since you can't seek within a pipe. See also – Bratchley Mar 25 '15 at 20:03
  • ssh does not constantly run. It only runs when the file is read. – galets Mar 25 '15 at 20:04
  • @Bratchley No -- although I have not tried this, I'd think each ssh call will block until the pipe is read from. – goldilocks Mar 25 '15 at 20:04
  • Alright I guess I can kind of see it. I think it was my knowledge of fifos that was the issue. I still think this creates an unnecessary dependency on networking, but whatever works for the OP I guess. – Bratchley Mar 25 '15 at 20:09
  • @Bratchley Because it's writing to a pipe. Try it (mkfifo fifo; echo 'hello world' > fifo -- you don't get control back until you read from the pipe). A lot of essential parts of the system (e.g. init) use them, or their cousin unix local sockets. – goldilocks Mar 25 '15 at 20:09
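
The blocking behaviour debated in the comments above, as an added example that is not part of the original answer or comments: `generate_config` is a hypothetical local stand-in for the ssh command, and the `sleep 1` inside the loop is an added guard so the writer does not reopen the FIFO before the reader has closed it. `file_kind` shows the reader-side type check raised in the comments on the question (skipping named pipes instead of opening them).

```bash
#!/bin/bash
# Added example. generate_config is a hypothetical local stand-in for
# `ssh x@y cat /etc/z.conf`; it logs each run so the runs can be counted.
generate_config() {
    echo run >> "$1"           # $1: run log
    echo "setting=value"       # constructed sample content
}

# Reader-side check: classify a path without opening it, so a tool can
# skip FIFOs (opening one blocks, or triggers the writer's command).
file_kind() {
    if [ -p "$1" ]; then echo fifo
    elif [ -f "$1" ]; then echo regular
    else echo other
    fi
}

# Build the FIFO-backed "file", read it twice, and print
# "<kind> <runs before any read> <runs after two reads> <read1> <read2>".
fifo_demo() {
    dir=$(mktemp -d) || return 1
    fifo="$dir/z.conf"; log="$dir/runs.log"
    : > "$log"                            # start with an empty run log
    mkfifo -m 600 "$fifo" || return 1     # owner-only access to the pipe
    (
        while true; do
            # The redirection opens the FIFO before generate_config starts,
            # and that open() blocks until a reader opens the other end.
            generate_config "$log" > "$fifo"
            sleep 1    # let the reader see EOF and close before reopening
        done
    ) >/dev/null 2>&1 &
    writer=$!
    kind=$(file_kind "$fifo")
    sleep 1                               # writer is blocked; nothing has run
    before=$(( $(wc -l < "$log") ))
    first=$(cat "$fifo"); second=$(cat "$fifo")
    after=$(( $(wc -l < "$log") ))
    kill "$writer" 2>/dev/null || true
    wait "$writer" 2>/dev/null || true
    rm -rf "$dir"
    echo "$kind $before $after $first $second"
}

fifo_demo   # prints: fifo 0 2 setting=value setting=value
```

The generator runs in the background writer process, so it executes with that process's privileges, not those of whoever reads the FIFO.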