|
|
How do I mask a password from "ps"?i need to run a process, PB, and keep it running, for avoiding problems i run it as background providing the user, and password, for connecting to oracle, this with the command: PB -u myuser -p my password & but by using 'ps -ef | grep PB' anyone can see the password. There is another way to run the process, run it in foregroung: PB -u myuser and it prompts for the password I would like to run the process in background, but avoiding the password to be shown with any 'ps'? This is a rather common Unix / Linux question, something I'd categorize as "how to mask information from ps", and unfortunately it's not very easy to accomplish. I see two ways you could do this, though. If you're willing to launch the application by hand each time you run it, you could do something like: $ nohup PB -u myuser > PB.log 2>&
Which would launch the process in a "bullet proof" way, prompt you for the password, then you could just type ^Z followed by the command bg to drop it into background, password hidden, but detached from your terminal so if you log out, it'll keep running. The other solution is only useful if you have access to the application itself: you could create a bogus flag that accepted an argument and simply specify something like: $ PB -u myuser -x " " -p pass
By having a bogus flag whose value is, say, 100 spaces, you could effectively mask the password from prying eyes. Of course, if you can edit the source to the PB program, perhaps you could simply tweak it to read the password from standard input or a data file or something instead, which would be the preferred solution anyway. Hope this is helpful!
More Useful Unix and Linux Help Articles:
✔ Copy and Paste from the Mac OS X Command Line?
I am constantly running commands in Terminal.app on my MacBook and then copying and pasting the results into email messages or documents. Yes,...
✔ Shell script to convert lowercase to title case?As part of a project I'm working on, I find myself deep in a Linux shell script, needing to have a subroutine that...
✔ Can I script renaming files based on an XML data map?I have a folder full of files which are named with four digits and a file extension e.g. 0312.file and an XML-file describing...
✔ Test for valid numbers in a Bash shell script?In a different discussion on this site [see Redirecting input in a shell script] a visitor commented that "I was too busy trying...
✔ Review: iSSH for the iPad/iPhoneIf you're running an online business like I am, there are times when you need to connect and log in to the server...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Categorized:
Unix and Linux Help
(Article 4288,
Written by Dave Taylor)
Tagged: Previous: How do I claim my blog on Feedster? Next: Best place to buy a Sony Playstation Portable (PSP)? Reader Comments To Date: 1
I do have a comment, now that you mention it!Check This Out Too... |
Recent Entries
Look for Answers
Recommended
All Our Categories
Apple iPad Help
Articles and Reviews Auctions and Online Shopping Blogs and Blogging Building Web Site Traffic Business and Management Computer and Internet Basics d) None of the Above Facebook Help Google Gmail Help Google Plus Help HTML, JavaScript and Web Site Programming Industry News and Trade Shows iPhone and Cell Phone Help iPod, Sony PSP and MP3 Player Help Kindle Fire Help Mac OS X Help Pay Per Click (PPC) Advertising Pinterest Help Search Engine Optimization (SEO) Shell Script Programming Tech Support Video Help The Writing Business Twitter, LinkedIn and Social Network Help Unix and Linux Help Video Game Tips and Help Windows PC Help Find Me on Google+ ADT on G+ |
I don't really know how I ended up on your blog, but it seems pretty cool, and your tips are an intelligent deviation from the normal crap on tips sites.
Anyway, in this tip, I assume you're intending the bogus flag to push the password over the edge of the 80-character standard terminal width so that 'ps' doesn't print it. I just wanted to note that on most terminals, all you have to do is pipe the output of 'ps' to 'cat' (or 'less' or...), and 'ps' will assume the terminal width is unbounded. Then, the password is visible again.
My suggestion has similar difficulties, but it does solve the problem of the password showing up in 'ps'. I would create a Perl script to execute the program and then, using a redirected standard input, have the Perl script enter the password at the prompt. Of course, with this approach comes the problem of storing a password in plaintext.
A more complicated approach would be to do it with a C program and use something memfrob()-like to perform a pseudo-encryption on the string.
Keep up the good work, Dave.