I’m running a ksh script on AIX 7.2.
In debug mode I want to redirect all the script does to a brkpt-file.
The script also makes logins to another application and therefore uses a password (let’s say “pw123_”)
exec > $brkpt_file 2>&1 set -xv dsmadmc -id=admin -pa=pw123_ q pr
Redirection works fine, but I want to replace the passwordstring with “***” so its never visible in the brkpt-file.
That works fine on commandline:
echo "dsmadmc -id=admin -pa=pw123_ q pr" | sed "s/-pa=[[:graph:]]* /-pa=*** /g" result dsmadmc -id=admin -pa=*** q pr
But as soon as I use this “sed” in combination with “exec”:
a) the output is not redirected to file anymore but on the screen
b) the passwordstring is not replaced
exec | sed 's/-pa.*=[[:graph:]]* /pa=*** /g' > $brkpt_file 2>&1 set-xv dsmadmc -id=admin -pa=pw123_ q pr result + dsmadmc -id=admin -pa=pw123_ q pr + ... other stuff of script
How I can I get all the script stuff in the brkpt AND hide the password?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
exec can’t be used to pipe output directly into another program, it can only be used to redirect output to a file.
Fortunately, on unix, everything is or can be made to look like it’s a file.
For ksh (and for POSIX compatibility), you need to create a named fifo and redirect the script’s output to that.
#!/bin/ksh
fifo=./exec.fifo
log=./exec.ksh.log
# delete the fifo if it already exists
[ -e "$fifo" ] && rm -f "$fifo"
mkfifo "$fifo"
# now run the sed script in the background. Its purpose is to modify
# the input coming from the fifo before saving it to the log file
( sed -e 's/-pa=[^ ]* /-pa=*** /g' < "$fifo" > "$log" ) &
# set up a function and trap to delete the fifo on exit.
cleanup () { rm -f "$fifo" ;}
trap cleanup EXIT
# now do the exec
exec > "$fifo"
# and finally do something that produces some output.
echo "dsmadmc -id=admin -pa=pw123_ q pr"
When you run the script, the output will be filtered through sed via the fifo and then redirected to the log file:
$ ./exec.ksh $ cat exec.ksh.log dsmadmc -id=admin -pa=*** q pr
If you are using bash, however, it’s a bit easier. You can use Process Substitution to provide a “file” to redirect the output to instead of a fifo (the fifo method still works if you prefer to write portable shell scripts).
For example:
#!/bin/bash
exec 1> >(sed 's/-pa=[^ ]* /-pa=*** /g' > ./exec.bash.log)
echo "dsmadmc -id=admin -pa=pw123_ q pr"
Again, the output will be modified by sed before being saved to the log file.
$ ./exec.bash $ cat exec.bash.log dsmadmc -id=admin -pa=*** q pr
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0