Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

command_execution_options

command execution.

⚙️ Compatible targets: Linux

Parameters

NameDocumentation
commandCommand to be executed.

This parameter is required.
argsArguments to the command.

This parameter is optional.
run_in_audit_modeSpecify if command must be run in audit mode.

Choices:
  • true
  • false

This parameter is optional.
in_shellSpecify whether the command should be executed within a shell.

Choices:
  • true
  • false

This parameter is optional.
shell_pathDefine the path to the shell to be used (applicable only in shell mode).

This parameter is optional.
chdirSet the working directory from which the command will be executed.

This parameter is optional.
timeoutDefine a timeout duration for the command execution.

This parameter is optional.
stdinProvide input to the standard input (stdin) of the executed command.

This parameter is optional.
stdin_add_newlineControl whether a newline character is appended to the stdin input.

Choices:
  • true
  • false

This parameter is optional.
compliant_codesSpecify the compliant codes.

This parameter is optional.
repaired_codesSpecify the repaired codes.

This parameter is optional.
output_to_fileDefine a file path to store the output generated by the command.

This parameter is optional.
strip_outputControls if the EOL is strip from the output.

Choices:
  • true
  • false

This parameter is optional.
uidSpecify the user ID (UID) under which the command will be executed.

This parameter is optional.
gidSpecify the group ID (GID) under which the command will be executed.

This parameter is optional.
userSpecify the user under which the command will be executed.

This parameter is optional.
groupSpecify the group under which the command will be executed.

This parameter is optional.
umaskSet the umask value for the executed command.

This parameter is optional.
env_varsThe variables to pass to the environment of the executed command.

This parameter is optional.
show_contentControls output of the report.

Choices:
  • true
  • false

This parameter is optional.

Outcome conditions

You need to replace ${command} with its actual canonified value.

  • ✅ Ok: command_execution_options_${command}_ok
    • ☑️ Already compliant: command_execution_options_${command}_kept
    • 🟨 Repaired: command_execution_options_${command}_repaired
  • ❌ Error: command_execution_options_${command}_error

Example

method: command_execution_options
params:
  in_shell: 'true'
  command: VALUE
  output_to_file: OPTIONAL_VALUE
  umask: OPTIONAL_VALUE
  timeout: OPTIONAL_VALUE
  group: OPTIONAL_VALUE
  uid: OPTIONAL_VALUE
  repaired_codes: OPTIONAL_VALUE
  shell_path: OPTIONAL_VALUE
  show_content: 'true'
  gid: OPTIONAL_VALUE
  stdin_add_newline: 'true'
  strip_output: 'true'
  run_in_audit_mode: 'true'
  compliant_codes: OPTIONAL_VALUE
  user: OPTIONAL_VALUE
  stdin: OPTIONAL_VALUE
  env_vars: OPTIONAL_VALUE
  chdir: OPTIONAL_VALUE
  args: OPTIONAL_VALUE

Documentation

The command_execution_options method executes a command on the system with configurable execution parameters such as timeout, user/group, environment, and shell options. This function is a wrapper around Rudder command execution module, providing simplified parameterization and safe defaults.

Result status

The method’s result depends on the execution mode:

  • Enforce mode

    • If the command exit code is contained in repaired_codes, the status is repaired.
    • If the exit code is contained in compliant_codes, the status is success.
    • Any other exit code produces an error report.

  • Audit mode

    • By default, the status is always not_applicable.
    • If run_in_audit_mode is set to "true", the same logic as in enforce mode is applied (repaired / success / error depending on exit codes).

Notes

  • When in_shell=true, the command is passed directly to the shell. Pipes, subshells, and compound commands are supported.
  • When in_shell=false, you must use args (JSON array of strings). No shell expansion happens: variables like $HOME, wildcards (*), or redirections (>/|) are treated literally.
  • args and in_shell are mutually exclusive: they cannot be used at the same time.
  • stdin_add_newline ensures input ends with a newline, useful when using interactive inputs via stdin
  • env_vars must be a JSON object where keys and values are strings.

Examples

Minimal usage (required command)

method: command_execution_options
params:
  command: "echo Hello"

With arguments (JSON array, no shell)

method: command_execution_options
params:
  command: "/usr/bin/echo"
  args: ["Hello", "World"]
  in_shell: "false"

Using a shell with pipes

method: command_execution_options
params:
  command: "cat /etc/os-release | grep NAME"
  in_shell: "true"

Running as specific user and group

method: command_execution_options
params:
  command: "id"
  uid:: "1001"
  gid:: "1001"

Setting environment variables (JSON object)

method: command_execution_options
params:
  command: "env"
  env_vars:: { "MY_VAR": "Hello World" }