If you use double-quotes when creating an Access Route that contains the variable $USER, the shell interpretation of quoted string will cause an unintended, and potentially dangerous, route to be generated.
For example, running the following command:
ttyadmin -a -l MY_HOSTGROUP:testuser -z "SUEXEC:$USER@*->root@MY_HOSTGROUP%/usr/bin/touch /tmp/testfile" -w 1234567
Would result in the following route:
SUEXEC:root@*->root@MY_HOSTGROUP%/usr/bin/touch /tmp/testfile 00:00-24:00, 1234567
Notice the change in the "from user"... the command should have resulted in a route with $USER@*->root, but this was changed to root@*->root, which will not match the "from user" and will result in a No Terminal Authorization error.
The reason this happens is that with double-quotes, the variable $USER is evaluated by the shell. Since, in most cases, BoKS commands are executed as root, $USER gets set to the root user.
Resolution / Workaround
Rewrite the rule using single quotes (') rather than double-quotes (") and the route will be created correctly. For example:
ttyadmin -a -l MY_HOSTGROUP:testuser -z 'SUEXEC:$USER@*->root@MY_HOSTGROUP%/usr/bin/touch /tmp/testfile' -w 1234567
Still have questions? We can help. Submit a case to Technical Support.