Executing shell command from within FTP results in a warning message about missing shell and Direct Audit emergency shell is executed instead. The warning message is not an error and the ftp shell command is successfully executed.
Applies to: Centrify DirectAudit 2.0.2 on Solaris OS
Problem: Warning message about missing shell and Direct Audit emergency shell is executed instead occurs when running shell scripts in FTP session:
bash-3.2$ ftp ftp> !env DirectAudit worked out that your shell is /sh, but this file is not executable by you, as this is not a login session, or you are root, DirectAudit is allowing you access using fallback shell: /bin/da.emergency.shell DA_DASH_DEPTH=3 HOME=/export/home/frank12test LOGNAME=frank12test MAIL=/var/mail/frank12test PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin PWD=/export/home/frank12test SHELL=/bin/sh SHLVL=1 ...
Cause: In DirectAudit 2.0.2, this is because FTP erroneously passes shell path to Direct Audit audited shell (i.e. cdash) as “/<shell>” which does not exist. The warning message is not an error and the FTP shell command is successfully executed. This issue does not occur in DirectAudit 3.2.3 release because of the architectural difference.
Workaround: For each supported shell, create a soft link in the form of “/<shell>” in the “/” directory to point to the real shell renamed by Direct Audit. For example for sh, create a soft link /sh to point to /usr/bin/sh.daudit.