ADV: fP SysWrap now available!
Fairlight
fairlite at fairlite.com
Fri Oct 21 06:36:24 PDT 2011
Fairlight Consulting is pleased to announce the release of our latest
product, Fairlight fP SysWrap! Wonder what the product does? Read on!
This utility takes the complication out of using SYSTEM() for external
commands on Linux systems, solving the technical points of conflict between
filePro, the bash shell dropping privileges, the ownership and modes of
resultant output files from commands, and even the user and group with
which a command is executed from inside SYSTEM().
How many times have you faced the hassle of running a command under
SYSTEM() and needing access to data from a specific file (which probably
isn't even owned by the user filePro!), needing the command to run, and
needing the command to generate a file that is readable -by- the filepro
user? If you're like many developers, too many times to count!
After recently seeing someone code yet another filePro-based workaround
that didn't work correctly, I decided it was time to slay the beast once
and for all! Here's what fP SysWrap will do for you on a Linux system:
* Lets you specify an output file for which it will modify the
ownership/permissions.
* Lets you specify an optional input file for optional removal
(auto-cleanup, at your fingertips!).
* Lets you specify the command to run, with all arguments available, even
if their flags conflict with "fpsyswrap" flags. If both the wrapper and
the program to be run share a -o flag, not a problem! There's an option
that lets you tell the wrapper to ignore anything past that point in the
command line, and give it to the target command.
* Lets you specify the user, group, and mode of the output file. The most
secure would be "-u filepro -g users -m 0600". (Group is -usually-, but
not always, irrelevant--but required.) The file ownership and mode is
changed before SYSTEM() returns in filePro, so you're all set to read your
data file when it finishes.
* Lets you specify the user and group under which the command is executed,
independently of the requested output file ownership. This is so that
you can get at data files owned by other users (nobody, apache, etc.),
which may be in places the filepro user can't normally access. If you do
not specify the user and group for running the command, the user and group
specified for the output file is used.
* Lets you specify which programs may be run under this wrapper. Any command
not listed in the configuration file will not be run.
* This solution requires that "fpsyswrap" be run as root. One configuration
rule in /etc/sudoers takes care of this, and you can then use sudo as the
first part of your command line. However, it's safe to let any user at all
have access to the wrapper, since the wrapper will not let itself be run
outside of the context of [dr]clerk or [dr]report. The ability to run
programs as a different user via this wrapper is restricted to the clerk
and report environments by making sure that clerk or report is a parent of
the wrapper somewhere up the process tree. In this fashion, even though
sudo may allow running of the wrapper by any user, "steve" cannot run
commands as "dave" via the wrapper unless the wrapper is executed from
inside clerk or report. The only people who can abuse the wrapper are
people that can change filePro processing tables.
This solution is ideal for filePro SYSTEM() integration with:
* web servers
* email
* any solution where input and output files, and SYSTEM() are
involved!
Fairlight fP SysWrap is supported on Linux. It should run just fine on
FreeBSD as well, although I kept that off the supported platform list as
a technicality, since I don't have a FreeBSD system on which to test it,
and I haven't gotten a positive confirmation from a third party at this
date. Technically, it should work fine on SCO, AIX, Solaris, etc. And I
can see a use for it on those platforms. That need is just highly
exacerbated on Linux due to how bash drops privileges. For now, the
product is only -officially- supported on Linux, but if you meet the system
requirements below, it should likely work fine on your platform.
System requirements are remarkably light: It needs perl, that's it. I
doubt you can find a Linux distribution that lacks perl, these days! Well,
it also needs to be run as root, so "sudo" is a wise idea, but that's also
in most Linux distributions. In a pinch, "su" would probably work, but I
highly recommend using "sudo" instead. The necessary "sudo" configuration
rule is in the documentation for the simplest level of configuation.
All this headache-saving (possibly anneurism-saving, if you're as easily
annoyed as I can get with the way filePro makes permissions and ownerships
a nightmare!) convenience can be yours today at the low introductory price
of $100 per server!
This introductory price will quite probably increase within one to two
weeks, so now is the perfect time to grab this software and save some
money before I raise the price!
For full documentation, and/or to purchase the product, please visit:
http://www.fairlite.com/fc/products/fpsyswrap/
Mark Luljak,
Fairlight Consulting
More information about the Filepro-list
mailing list