Persmissions issue when running Shell command

Riddick
Riddick Member Posts: 4
edited 2009-05-30 in NAV/Navision Classic Client
I created a CU to run HotCopy.exe and attached the CU to the Job Queue scheduler. The scheduler kicks in and runs the CU, as expected. But for some reason I see an error message in the Application Events log:

The following information is part of the event: For security reasons, you are not allowed to run the following
executable in the SHELL function when it is passed as a variable:

Executable: echo %USERNAME% >> c:\BACKUP\testrun.log
Parameter:

No matter which file I try to run via SHELL, same message pops up. I am logged in as SUPER user with all the privileges on the DB. Any idea why this error message pops up?

TIA.

Comments

  • karstenrobert
    karstenrobert Member Posts: 27
    Hi,

    have a look at the C/SIDE reference online help for shell:
    BEGIN

            // The following is NOT trusted and will give a warning:

            ExecName := 'C:\windows\notepad.exe';

            param := 'C:\MyFile.txt';

            ret := SHELL(ExecName, param);

            // The following IS trusted and will not give a warning:

            param := 'C:\MyFile.txt';

            ret := SHELL(TEXT000, param);

            //The following is not possible - will only give an error

            //message during runtime. This is also if it's a TextConst:

            ExecName := 'C:\windows\notepad.exe C:\MyFile.txt';

            ret := SHELL(ExecName);

          END;

    So you should set the shell path to the executable as text constant and only make the parameter a normal string.
    ret := SHELL(TEXT000, param);
    (But you could also use '%1' in the textconstant and then use STRSUBSTNO (String) and you won't get an error too)
    Karsten Frank
    MCP - Dynamics NAV Developer
  • kriki
    kriki Member, Moderator Posts: 9,129
    Maybe it is easier to create a cmd-file with the command in it and schedule it on the server through Windows scheduling.
    Regards,Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!

  • Riddick
    Riddick Member Posts: 4
    Seems that Shell will only execute properly when a text CONSTANT is used. What's interesting is that I can say Shell('cmd.exe') and it will run just fine. But as soon as I pass it a full path name with a command file, Shell thinks there is a security breach and won't run unless it sees a text constant (with that same path and file name). Strange, but nonetheless true, seems it will only "trust" built in commands and apps.

    Shell(TEXT001) works fine.
  • bylle
    bylle Member Posts: 47
    When using SHELL with a command like "echo %USERNAME% >> c:\BACKUP\testrun.log" you will always have the security issue. This is due to %USERNAME% and therefore Navision assumes that you are running a "new" program each time.

    If for instance it always was "echo SchedulerUSER >> c:\Backup\testrun.log", which your text constant properly is, you will not have this issue. Because it is always the same command - only the first time you have to acknowledge the security issue.

    If you would like to use %USERNAME%, then instead of SHELL you can use WshShell (it is a part of the automation "Windows Script Host Object Model"). When using WshShell you will not get any security warnings.

    You can ready more about it here: http://techblog.byllemos.com/2008/04/execution-of-batch-jobs-and-other-programs-from-navision/
    Ingrid Byllemos
    My techblog
    Meet me @ LinkedIn

Categories