cbarlock cbarlock - 10 days ago 8
Linux Question

db2 command line processor & passwords containing '$'

We are seeing a failure in the DB2 CLP when a password contains a $ character. I've extracted the command into a simple bash script:

su - db2apm -c "db2 -v attach to APM_NODE user db2apm using 'apm$2016'"


IBM documentations suggests that quoting the special characters should work:

http://www-01.ibm.com/support/docview.wss?uid=swg21303153

But when I run this command:

[root@picard ~]# ./test.sh
+ su - db2apm -c 'db2 -v attach to APM_NODE user db2apm using '\''apm016'\'''
attach to APM_NODE user db2apm using
SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID"). SQLSTATE=08001


As you can see, '$2' is interpreted as a script variable with no value. A variation on this, enclosing the whole command in single quotes:

su - db2apm -c 'db2 -v attach to APM_NODE user db2apm using apm$2016'


looks like it should work, but doesn't:

[root@picard ~]# ./test.sh
+ su - db2apm -c 'db2 -v attach to APM_NODE user db2apm using apm$2016'
attach to APM_NODE user db2apm using
SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID"). SQLSTATE=08001


If I run the command manually, it also fails:

[root@picard ~]# su - db2apm -c 'db2 -v attach to APM_NODE user db2apm using apm$2016'
attach to APM_NODE user db2apm using
SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID"). SQLSTATE=08001


But if I split it, it works!

[root@picard ~]# su - db2apm
Last login: Tue Nov 29 11:17:56 EST 2016 on pts/3
[db2apm@picard ~]$ db2 -v 'attach to APM_NODE user db2apm using apm$2016'
attach to APM_NODE user db2apm using

Instance Attachment Information

Instance server = DB2/LINUXX8664 10.5.6
Authorization ID = DB2APM
Local instance alias = APM_NODE


This feels like I'm a victim of some combination of bash, su and the DB2 CLP consuming the $ in some unexpected manner. Any thoughts on how to get this to run?

Answer

If you escape just the dollar sign, it should work (it did on my system when I just tried it):

su - db2apm -c "db2 -v attach to APM_NODE user db2apm using 'apm\$2016'"

You can also try putting into its own script:

test.sh:

db2 -v attach to APM_NODE user db2apm using \''apm$2016'\'

(I'm not sure if the quotes need to be escaped, if not, you can try the following: )

db2 -v attach to APM_NODE user db2apm using 'apm$2016'

And then run it with:

su - db2apm test.sh

(Note no -c)

Hope this solves your problem!

Edit: Also, if this still doesn't help, you can try debugging it by putting an echo in front of the db2 call so that you can see what is being expanded and how:

su - db2apm -c "echo db2 -v attach to APM_NODE user db2apm using 'apm\$2016'"