i need to run a process, PB, and keep it running, for avoiding problems i run it as background providing the user, and password, for connecting to oracle, this with the command:
PB -u myuser -p my password &
but by using 'ps -ef | grep PB' anyone can see the password. There is another way to run the process, run it in foregroung:
PB -u myuser
and it prompts for the password
'Enter password:' once typed the process is started.
I would like to run the process in background, but avoiding the password to be shown with any 'ps'?
This is a rather common Unix / Linux question, something I'd categorize as "how to mask information from ps", and unfortunately it's not very easy to accomplish.
I see two ways you could do this, though. If you're willing to launch the application by hand each time you run it, you could do something like:
$ nohup PB -u myuser > PB.log 2>&
Which would launch the process in a "bullet proof" way, prompt you for the password, then you could just type ^Z followed by the command bg to drop it into background, password hidden, but detached from your terminal so if you log out, it'll keep running.
The other solution is only useful if you have access to the application itself: you could create a bogus flag that accepted an argument and simply specify something like:
$ PB -u myuser -x " " -p pass
By having a bogus flag whose value is, say, 100 spaces, you could effectively mask the password from prying eyes.
Of course, if you can edit the source to the PB program, perhaps you could simply tweak it to read the password from standard input or a data file or something instead, which would be the preferred solution anyway.
Hope this is helpful!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
I don't really know how I ended up on your blog, but it seems pretty cool, and your tips are an intelligent deviation from the normal crap on tips sites.
Anyway, in this tip, I assume you're intending the bogus flag to push the password over the edge of the 80-character standard terminal width so that 'ps' doesn't print it. I just wanted to note that on most terminals, all you have to do is pipe the output of 'ps' to 'cat' (or 'less' or...), and 'ps' will assume the terminal width is unbounded. Then, the password is visible again.
My suggestion has similar difficulties, but it does solve the problem of the password showing up in 'ps'. I would create a Perl script to execute the program and then, using a redirected standard input, have the Perl script enter the password at the prompt. Of course, with this approach comes the problem of storing a password in plaintext.
A more complicated approach would be to do it with a C program and use something memfrob()-like to perform a pseudo-encryption on the string.
Keep up the good work, Dave.