Search code examples
ruby-on-railsrubysolaris-10

rails 3.2.1 rails runner fails when executing a setuid script on solaris 10

We are required to use a mainframe-based scheduler instead of cron to perform utility tasks. This scheduler communicates with an agent on a host, which then executes a generic setuid ksh script that takes as arguments the utility to execute along with whatever args are required. The setuid ksh script then invokes another script with its args.

In my case, the next script (execute_something.ksh) sets some environment variables, cds to the Rails root and does rails runner Module.function -e <environment> where environment is the arg passed along.

So that's:

mainframe -> agent -> setuid_script -> execute_something.ksh -> Module.function

When I invoke execute_something.ksh directly, as myself, it works fine. When I invoke the setuid script, I get the following error:

/[path]/bin/rails:15:in `force_encoding': unknown encoding name - BINARY (ArgumentError) from /[path]/bin/rails:15:in main

This is not a permissions thing. All the involved files are either owned by the setuid user or have full group permissions for the setgid group and belong to that group. (Yes, overkill, but that's what I was given.)

The setuid script inherits my environment (except that there is an EUID of the setuid user).

Also, the rails script that is being executed is different from the one that installed on my linux laptop (I did mention this was a solaris problem).

The rails script is:

#!/usr/bin/env ruby
#
# This file was generated by RubyGems.
#
# The application 'railties' is installed as part of a gem, and
# this file is here to facilitate running it.
#

require 'rubygems'

version = ">= 0"

if ARGV.first
  str = ARGV.first
  str = str.dup.force_encoding("BINARY") if str.respond_to? :force_encoding
  if str =~ /\A_(.*)_\z/
    version = $1
    ARGV.shift
  end
end

gem 'railties', version
load Gem.bin_path('railties', 'rails', version)

This works as me. I explicitly removed all references to my home directory sandbox in PATH and LD_LIBRARY_PATH - it still works for me and not for the setuid user.

I have no permissions to change things in the global environment - I have to put in requests and wait. There is no way to change the way the module must be executed.

Please someone - give me some ideas? I don't think this applies to many people, but isn't it an interesting puzzle?

TIA.

Carilda

Solution

  • The purpose of the rails command is to call script/rails if present, so you could just call that script directly:

    ./script/rails runner Module.function -e <environment>