I'm writing a script to automate the creation of OpenVPN certificates, to add new clients to the VPN system. I'm building a small webpage (all internal and not approachable from the Internet) to allow users to input a client name, and out comes a zip file with the certificates, to be put on the new client PC (via TeamViewer).

The script (and webpage) operate from an Ubuntu 14.04 server, running OpenVPN and Observium.

When I execute this script from the terminal, it works perfectly, and the certificates are created beautifully.

When I run this script from a browser executed by the PHP command:

```php
shell_exec("sudo <path to script>/<script>.sh $clientname");
```

The certificates get cut off at 4096 bytes. Without fail. The certificates should be around 5600 bytes. When opened, the certificates are visibly cut off (missing the closing tags).

What causes this? What should I do to resolve it?

The script is as follows:

```bash
#!/bin/bash
# Work from the easy-rsa directory and load its environment (key paths, defaults)
cd /etc/openvpn/easy-rsa/
source /etc/openvpn/easy-rsa/vars

# Drive the interactive build-key prompts: accept every default, then confirm signing
expect -c "
spawn /etc/openvpn/easy-rsa/build-key $1
expect {Country Name (2 letter code) \[US\]:}                               { send \"\r\" }
expect {State or Province Name (full name) \[CA\]:}                         { send \"\r\" }
expect {Locality Name (eg, city) \[SanFrancisco\]:}                         { send \"\r\" }
expect {Organization Name (eg, company) \[Fort-Funston\]:}                  { send \"\r\" }
expect {Organizational Unit Name (eg, section) \[MyOrganizationalUnit\]:}   { send \"\r\" }
expect {Common Name (eg, your name or your server's hostname) \[$1\]:}       { send \"\r\" }
expect {Name \[EasyRSA\]:}                                                  { send \"\r\" }
expect {Email Address \[me@myhost.mydomain\]:}                              { send \"\r\" }
expect {A challenge password \[\]:}                                         { send \"\r\" }
expect {An optional company name \[\]:}                                     { send \"\r\" }

expect {Sign the certificate? \[y/n\]:}                                     { send \"y\r\" }
expect { commit? \[y/n\]}                                                   { send \"y\r\" }

expect {Data Base Updated}
interact"
```
Robert
  • The `/etc/openvpn/easy-rsa/build-key` script is creating the certificates? By writing the files directly? And the files themselves are truncated? – Etan Reisner Jun 09 '15 at 14:16
  • Yes, build-key invokes the pkitool which creates the certificates. It creates the files in the /etc/openvpn/easy-rsa/keys directory. These files are indeed truncated to 4096 files when executing the script from the browser, whereas from the terminal they are fine. [See here](http://i.imgur.com/e81SXDz.png) The green is executed from the terminal, the red from the browser. – Robert Jun 09 '15 at 14:22
  • `ulimit` on the process spawned by `php`? Can you manually get `php` to have a shell create a file larger than 4096? – Etan Reisner Jun 09 '15 at 14:24
  • I created a simple for-loop printing the numbers 1 - 5000, making a 24k byte log file, this works from both browser and terminal. The PHP.ini has its output buffer turned Off, and the ulimit -p is 8 – Robert Jun 09 '15 at 14:31
  • A for loop in the shell? Run in the same environment as the script in the post? What does `ulimit -a` output if you run it in that bash script? What about if you run it through `expect`? – Etan Reisner Jun 09 '15 at 14:43
  • You don't need `expect` here since you are not interacting with the program. Simply pipe the answers to stdin – hek2mgl Jun 09 '15 at 14:45
  • I'll one-up you even hek2mgl, apparently I could just use the pkitool which is invoked by the build-key script directly, then there's no interaction at all with the program... So that fixes my specific issue, but not the weird thing with the 4096 byte limit. – Robert Jun 09 '15 at 15:12
  • @EtanReisner yes, in a shell, same environment, same invoke. ulimit is the same for both. – Robert Jun 09 '15 at 15:17

1 Answer

This specific issue is resolved by not using the interactive shell in combination with spawn/expect/send. Using the CLI for OpenVPN directly (the pkitool, which is invoked by the build-key script) creates the files without any issues.

So the syntax would be:

```bash
/etc/openvpn/easy-rsa/pkitool <clientname>
```
Robert
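The non-interactive `pkitool` call from the answer, wrapped as an added example that is not part of the original posts: because the client name comes from a web form and the script runs under `sudo`, the name is checked against a strict allow-list first, and the generated PEM files are checked for the missing closing marker the question describes. The `EASYRSA_DIR` default, the function names and the name rules are assumptions for illustration; `KEY_DIR` is set by easy-rsa's `vars`.

```bash
#!/bin/bash
# Added example: build a client key pair with pkitool (no expect, no prompts),
# reject unsafe client names, and detect truncated PEM output.
LC_ALL=C; export LC_ALL
EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"   # assumed install path

# Allow only names that are safe as a file name and as a single shell argument:
# letters, digits, '_', '.', '-'; no leading '.' or '-', no '..', max 64 chars.
valid_client_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# A PEM file cut off mid-write has a BEGIN marker without its END marker.
pem_is_complete() {
    [ -s "$1" ] || return 1
    _begins=$(grep -c '^-----BEGIN ' "$1" || true)
    _ends=$(grep -c '^-----END ' "$1" || true)
    [ "$_begins" -gt 0 ] && [ "$_begins" -eq "$_ends" ] || return 1
    # The last non-empty line must be an END marker.
    _last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    case "$_last" in
        -----END\ *-----) return 0 ;;
        *) return 1 ;;
    esac
}

build_client() {
    valid_client_name "$1" || { echo "invalid client name" >&2; return 2; }
    cd "$EASYRSA_DIR" || return 1
    . ./vars >/dev/null || return 1          # sets KEY_DIR and the KEY_* defaults
    ./pkitool "$1" || return 1               # same call as in the answer
    for _f in "$KEY_DIR/$1.crt" "$KEY_DIR/$1.key"; do
        pem_is_complete "$_f" || { echo "incomplete PEM: $_f" >&2; return 3; }
    done
}

# Build only when called with exactly one argument (the client name).
if [ "$#" -eq 1 ]; then
    build_client "$1"
fi
```

On the PHP side the name should still be passed as one quoted argument, for example with `escapeshellarg()`, so the shell never sees it as more than a single word.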