Bash Script-exec

The Open Group Base Specifications Issue 6
IEEE Std 1003.1, 2004 Edition
Copyright © 2001-2004 The IEEE and The Open Group, All Rights reserved.

---

NAME

exec - execute commands and open, close, or copy file descriptors

SYNOPSIS

exec [command [argument ...]]

DESCRIPTION

The exec utility shall open, close, and/or copy file descriptors as specified by any redirections as part of the command.
If exec is specified without command or arguments, and any file descriptors with numbers greater than 2 are opened with associated redirection statements, it is unspecified whether those file descriptors remain open when the shell invokes another utility. Scripts concerned that child shells could misuse open file descriptors can always close them explicitly, as shown in one of the following examples.
If exec is specified with command, it shall replace the shell with command without creating a new process. If arguments are specified, they shall be arguments to command. Redirection affects the current shell execution environment.

OPTIONS

None.

OPERANDS

See the DESCRIPTION.

STDIN

Not used.

INPUT FILES

None.

ENVIRONMENT VARIABLES

None.

ASYNCHRONOUS EVENTS

Default.

STDOUT

Not used.

STDERR

The standard error shall be used only for diagnostic messages.

OUTPUT FILES

None.

EXTENDED DESCRIPTION

None.

EXIT STATUS

If command is specified, exec shall not return to the shell; rather, the exit status of the process shall be the exit status of the program implementing command, which overlaid the shell. If command is not found, the exit status shall be 127. If command is found, but it is not an executable utility, the exit status shall be 126. If a redirection error occurs (see Consequences of Shell Errors ), the shell shall exit with a value in the range 1-125. Otherwise, exec shall return a zero exit status.

CONSEQUENCES OF ERRORS

Default.

---

The following sections are informative.

APPLICATION USAGE

None.

EXAMPLES

Open readfile as file descriptor 3 for reading:

exec 3< readfile

Open writefile as file descriptor 4 for writing:

exec 4> writefile

Make file descriptor 5 a copy of file descriptor 0:

exec 5<&0

Close file descriptor 3:

exec 3<&-

Cat the file maggie by replacing the current shell with the cat utility:

exec cat maggie

RATIONALE

Most historical implementations were not conformant in that:

foo=bar exec cmd

did not pass foo to cmd.

FUTURE DIRECTIONS

None.

SEE ALSO

Special Built-In Utilities

CHANGE HISTORY

Issue 6

IEEE Std 1003.1-2001/Cor 1-2002, item XCU/TC1/D6/5 is applied so that the reference page sections use terms as described in the Utility Description Defaults ( Utility Description Defaults ). No change in behavior is intended.

End of informative text.

 

Refer to: http://pubs.opengroup.org/onlinepubs/009695399/utilities/exec.html

Linux Network Security Issues

Until now, as far as I know, there are at least three different levels of network security mechanism that affects the running of network processes, TCP Wrapper, Iptables firewall, SELinux.

TCP Wrapper and SELinux are host-based mechanism. According to a response to a network packet, TCP Wrapper and SELinux will decide if this packet can be processed by the specific running process. They will not block any network access from other hosts, however, they will limit the running process in the host from processing network messages.

Iptables, on the other hand, provides a network-based security mechanism. It inspects every network packet whenever a packet going into a host or leaving a host. A great amount of distinct functional rules can be set up in order to filter some specific packets. By this way, unwanted packet is forbidden outside of the host.

In my recent experiment, several problems are suffered in these two issues. I'd like to record them here for future reference:

1. In school's Fedora 11 system, snmp messages can not going out even if the corresponding port is opened by iptables firewall. When I was using tcpdump to inspect every packet of snmp protocol, I found that snmp request messages were able to go in the system. but there were never any packets coming out. I supposed that two possibilities: snmp crashed, or some other than iptables was keeping block the outgoing messages. Finally, after I searched almost the whole internet (joking, can I? but it is true that it is quite difficult to spot a specific rear problem on the internet.), I realised that I got half correct. There is something called TCP Wrapper which is used by Linux system to prevent some specific daemon processes from accessing from unwanted network hosts. In this case, all of the process other than several processes denoted in the file /etc/hosts.allow is allowed to be accessed in localhost host which means that only local access is allowed. This is right the reason why I was able to query snmp using localhost. In coming snmp messages from other hosts is not allowed to be processed by snmpd (so harsh!!). The solution is simple, just add the snmpd into hosts.allow file. 
2. The problem regarding to Iptables is a little foolish, but I learnt others when I modified the rules of Iptables. Actually, the reason of I can't transfer files to cspc020 is because I open the wrong port for tcp connection (don't believe the instructions on the webpage totally, this lessoned me). Just open tcp60000 is fine. During this process, i found that, always modify the iptables using iptables command line tools before modify the configuration file /etc/sysconfig/iptables, because the command line is temporary but effects at once. If there are some problems, I am able to resume it by restart computer and then the original configuration will be read. !!!! Good mechanism.

Strange SNMP problem in Ubuntu or other platform

Description of the problem:
After I have installed SNMPd in Ubuntu 9.04, I was trying to snmpwalk system to test the correction of the installation and deployment. However, I got a Time out message even though I did not get any firewall installed in Ubuntu. At the beginning, I thought that it is the firewall problem like in Fedora. The truth of no firewall installed in Ubuntu by default makes me realise that this is not in that case.

Solution:
Ubuntu is different from Fedora, there is a file to keep the default snmpd's running options, which is:
/etc/default/snmpd. In it, the options denote that only local host is able to snmpwalk the SNMP agent. In this case, I will not only need to change the snmpd.conf configure file, but I will also need to change some lines in the snmpd configure file mentioned above to make it work. The changing is like this:

#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf