>From your email I am reading this to mean that if Active-Link-Dir is NOT >specified then this security feature is disabled?
It is not so much of a security issue I suppose because only Remedy administrators should be able to configure an active link. But don't take my word for that - there could be loopholes. Angus p.s. this was not a real application but instead a proof of concept to check that it is possible to invoke a program on the Remedy server from an active link. The program wrote any parameters passed to a file but the directory was not specified so it wrote to the working directory I guess - which in this case was C:\Windows. ----- Original Message ----- From: Mueller, Doug Newsgroups: public.remedy.arsystem.general To: [email protected] Sent: Tuesday, March 01, 2011 6:35 PM Subject: Re: Where to copy program on server for run process Joe, Just to help clarify..... From the initial report of issue, things were working. The program in question simply had the output directed to an unexpected location. Without understanding the program -- was it writing to a file or just to stdout (standard out) -- hard to tell what was going on. Any process run in the background should carefully control where files are being written or what is written when just stdout is written. Either redirect that or use full filenames or filenames directed by environment variables (and remember that the environment is the one the AR System is run in). As for the Active-Link-Dir setting.... According to the documentation (and the documentation is accurate), this setting is The directory where active link server run processes are stored. Only commands located in the specified directory can be run. This is a security feature that makes sure clients or API programs can use only a safe set of server processes. So, this is simply a setting that says that if someone tries to run a program from an active link on the server, the program MUST BE in the directory specified. If there is not the program executable in that directory, the command will fail. This is a security feature to allow you as the administrator to specify a directory and unless you put a specific executable in that directory, it cannot be run from the client. It does not control the environment that the program is run in in any way. It simply is a way to control whether a given program can run at all. There are other controls like Active-Link-Shell (UNIX and Linux) that allow you to control the parent shell. Again, not where you run, just the environment under which you run. For any program run, remember you are running under the context of the AR System server so you will be in the environment of the AR System server when the program is run. The controls above simply control what can be run not where (unless you build the where into the custom shell you specify). I hope this helps, Doug Mueller ------------------------------------------------------------------------------ From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Joe Martin D'Souza Sent: Sunday, February 27, 2011 10:50 AM To: [email protected] Subject: Re: Where to copy program on server for run process ** It might be a bug. I am not confident that is the way it should behave. If it were as designed, it would beat the purpose of that configuration by 50% – it would be like just half the expected work done... I wish I had an older installation to test to prove this but I do not. You may want to report it to customer support and ask them if they can get engineering to confirm that is how it should work.. If we are lucky Doug Mueller may be watching this thread.. <<smiles>> Joe From: Angus Comber Sent: Sunday, February 27, 2011 1:41 PM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: Where to copy program on server for run process ** No, it seemed to have no effect. Which was disappointing. ----- Original Message ----- From: Joe Martin D'Souza Newsgroups: public.remedy.arsystem.general To: [email protected] Sent: Sunday, February 27, 2011 10:23 AM Subject: Re: Where to copy program on server for run process ** Did the output directory change after the introduction of Active-Link-Dir ?? Joe From: Angus Comber Sent: Saturday, February 26, 2011 5:33 PM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: Where to copy program on server for run process ** The Active-Link-Dir key in ar config file was not required. The only thing required is that the program must be accessible - either in the system path or specify full path in active link or place in Remedy server process working? directory. I didn't work out what the correct directory was. My problem was that my test program output a log to the processes working directory. And that was C:\Windows - I am unsure of the reason. Angus ----- Original Message ----- From: Joe Martin D'Souza Newsgroups: public.remedy.arsystem.general To: [email protected] Sent: Saturday, February 26, 2011 7:13 PM Subject: Re: Where to copy program on server for run process ** Angus, Glad it worked out.. What was the final solution.. Did you have to enclose the path in double quotes? Joe From: Angus Comber Sent: Saturday, February 26, 2011 1:12 PM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: Where to copy program on server for run process ** Apologies all. Advise worked, but program output logged to working directory - which was not current directory - so output was in system folder. anyway, no problem sorted now. Many thanks for help. Angus ----- Original Message ----- From: Joe Martin D'Souza Newsgroups: public.remedy.arsystem.general To: [email protected] Sent: Saturday, February 26, 2011 4:16 PM Subject: Re: Where to copy program on server for run process ** Angus, Can you try adding a terminating slash for that directory? Active-Link-Dir: C:\ActiveLinkcmds\ Also make sure its spelt exactly like that (sometimes even on windows I have seen problems with case sensitivity in path names..) If that does not work, try putting the whole path in double quotes.. Off course you do need to restart the server or at least run the arsignal –c to re read the configuration file.. Joe From: Angus Comber Sent: Saturday, February 26, 2011 11:06 AM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: Where to copy program on server for run process ** I tried Active-Link-Dir: <mypath> and restarted AR Server but didn't seem to work. My active link on the click of a button does this: @@:cmd_line_connector.exe $USER$ $Short Description$ And in ar.cfg (Windows) I have: Active-Link-Dir: C:\ActiveLinkcmds and I have copied cmd_line_connector.exe into that folder. The program just prints out to a file in the same folder the parameters passed. But I don't get any file created. Neither do I see any server logging entry for it. But client logging says: <ACTL> Checking Cuba_run_cmd_server (0) <ACTL> -> Passed qualification -- perform if actions <ACTL> 0: Run Process <ACTL> @@: 60\19\Cuba_run_cmd_server\0\3\0\1298735989\0\6\1\1\0\\6\1\8\0\\ <ACTL> Run Process on server <ACTL> Server: angusnotebook <ACTL> Process: cmd_line_connector.exe Demo gsdf <ACTL> Success ??? ----- Original Message ----- From: Joe Martin D'Souza Newsgroups: public.remedy.arsystem.general To: [email protected] Sent: Saturday, February 26, 2011 3:38 PM Subject: Re: Where to copy program on server for run process ** Angus, If you look at the AR System Configuration guide, there is a parameter that can be set for this. I do not remember the parameter off hand. It tells the server where to find server side run processes run from active links. Joe From: Angus Comber Sent: Saturday, February 26, 2011 10:23 AM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Where to copy program on server for run process ** I am testing running a process on the Remedy Server invoked from an active link. I know this works because if I try tun run a process where the program is in the system path, then process runs when invoked. But if I want to run a program NOT in the path, where do I copy it to? How can I find this path? Angus _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
