command_execution_options

command execution.

⚙️ Compatible targets: Linux

Parameters

Name	Documentation
command	Command to be executed. This parameter is required.
args	Arguments to the command. This parameter is optional.
run_in_audit_mode	Specify if command must be run in audit mode, "true" or "false" (defaults to "false"). Choices: `true` `false` This parameter is optional.
in_shell	Specify whether the command should be executed within a shell, "true" or "false" (defaults to "false"). Choices: `true` `false` This parameter is optional.
shell_path	Define the path to the shell to be used, absolute path on the target node (applicable only in shell mode, defaults to "/bin/sh"). This parameter is optional.
chdir	Set the working directory from which the command will be executed. This parameter is optional.
timeout	Define a timeout duration in seconds for the command execution (defaults to "30" seconds). This parameter is optional.
stdin	Provide input to the standard input (stdin) of the executed command. This parameter is optional.
stdin_add_newline	Control whether a newline character is appended to the stdin input, "true" or "false" (defaults to "true"). Choices: `true` `false` This parameter is optional.
compliant_codes	Specify the compliant codes. This parameter is optional.
repaired_codes	Specify the repaired codes. This parameter is optional.
output_to_file	Define a file path to store the output generated by the command (absolute path on the target node). This parameter is optional.
strip_output	Controls if the EOL is strip from the output, "true" or "false" (defaults to "false"). Choices: `true` `false` This parameter is optional.
uid	Specify the user ID (UID) under which the command will be executed. This parameter is optional.
gid	Specify the group ID (GID) under which the command will be executed. This parameter is optional.
user	Specify the user under which the command will be executed. This parameter is optional.
group	Specify the group under which the command will be executed. This parameter is optional.
umask	Set the umask value for the executed command. This parameter is optional.
env_vars	The variables to pass to the environment of the executed command. This parameter is optional.
show_content	Controls output of the report, "true" or "false" (defaults to "true"). Choices: `true` `false` This parameter is optional.

Outcome conditions

You need to replace ${command} with its actual canonified value.

✅ Ok: command_execution_options_${command}_ok
- ☑️ Already compliant: command_execution_options_${command}_kept
- 🟨 Repaired: command_execution_options_${command}_repaired
❌ Error: command_execution_options_${command}_error

Example

method: command_execution_options
params:
  in_shell: 'true'
  timeout: OPTIONAL_VALUE
  compliant_codes: OPTIONAL_VALUE
  uid: OPTIONAL_VALUE
  gid: OPTIONAL_VALUE
  shell_path: OPTIONAL_VALUE
  repaired_codes: OPTIONAL_VALUE
  env_vars: OPTIONAL_VALUE
  show_content: 'true'
  umask: OPTIONAL_VALUE
  args: OPTIONAL_VALUE
  output_to_file: OPTIONAL_VALUE
  group: OPTIONAL_VALUE
  chdir: OPTIONAL_VALUE
  stdin: OPTIONAL_VALUE
  stdin_add_newline: 'true'
  run_in_audit_mode: 'true'
  command: VALUE
  strip_output: 'true'
  user: OPTIONAL_VALUE

The command_execution_options method executes a command on the system with configurable execution parameters such as timeout, user/group, environment, and shell options. This function is a wrapper around Rudder command execution module, providing simplified parameterization and safe defaults.

Result status

The method’s result depends on the execution mode:

Enforce mode
- If the command exit code is contained in repaired_codes, the status is repaired.
- If the exit code is contained in compliant_codes, the status is success.
- Any other exit code produces an error report.
Audit mode
- By default, the status is always not_applicable.
- If run_in_audit_mode is set to "true", the same logic as in enforce mode is applied (repaired / success / error depending on exit codes).

Notes

When in_shell=true, the command is passed directly to the shell. Pipes, subshells, and compound commands are supported.
When in_shell=false, you must use args (JSON array of strings). No shell expansion happens: variables like $HOME, wildcards (*), or redirections (>/|) are treated literally.
args and in_shell are mutually exclusive: they cannot be used at the same time.
stdin_add_newline ensures input ends with a newline, useful when using interactive inputs via stdin
env_vars must be a JSON object where keys and values are strings.

Examples

Minimal usage (required `command`)

method: command_execution_options
params:
  command: "echo Hello"

With arguments (JSON array, no shell)

method: command_execution_options
params:
  command: "/usr/bin/echo"
  args: ["Hello", "World"]
  in_shell: "false"

Using a shell with pipes

method: command_execution_options
params:
  command: "cat /etc/os-release | grep NAME"
  in_shell: "true"

Running as specific user and group

method: command_execution_options
params:
  command: "id"
  uid:: "1001"
  gid:: "1001"

Setting environment variables (JSON object)

method: command_execution_options
params:
  command: "env"
  env_vars:: { "MY_VAR": "Hello World" }