[ZBXNEXT-3953] Allow frontend script command to be hidden from users Created: 2017 Jun 23  Updated: 2020 Jul 09

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: None
Fix Version/s: None

Type: Change Request Priority: Trivial
Reporter: Raymond Kuiper Assignee: Unassigned
Resolution: Unresolved Votes: 4
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
Duplicate
duplicates ZBXNEXT-1660 Wallet for application credentials Closed

 Description   

When running a script from the Zabbix frontend, the command being run will be shown.

However, sometimes it is needed to pass secret data like a password to a script and in such cases it would be useful if we can suppress showing the command to be run.

Another possibility could be to hide the command based on the user type of the user running the script (user, admin, super admin) to allow for some more fine grained control.

 Comments   
Comment by Marc [ 2017 Jun 24 ]

Wouldn't it be even better from a security point of view to support passing data via stdin instead?
ZBXNEXT-2904 asks that for External checks and User parameters.

Comment by Evgeny Molchanov [ 2018 Oct 23 ]

As a temporary solution, we use this patch (zabbix 3.4.14):

--- scripts_exec.php.orig	2018-10-23 00:42:13.294992876 +0300
+++ scripts_exec.php	2018-10-23 10:28:14.548676391 +0300
@@ -83,6 +83,7 @@
 		$error_exist = true;
 	}
 	else {
+		$data['command'] = '';
 		$data['message'] = $result['value'];
 	}
 }
Comment by Marc [ 2018 Oct 23 ]

Possibly support of optionally encrypted User macros (that are not supposed to be resolvable by the Zabbix frontend) may help here too.

Comment by Elias Pizarro [ 2019 Apr 20 ]

Zabbix 4.2

/usr/share/zabbix/app/views/popup.scriptexec.php

....
# Hide commands
$data['command'] = '';
$output = [
	'header' => $data['title'],
	'body' => (new CForm())
		->addItem([
			$data['errors'],
			(new CTabView())->addTab('scriptTab', null,
				(new CPre(
					(new CList([bold($data['command']), SPACE, $data['message']]))
				))
			)
		])
		->toString(),
	'buttons' => null
];

...
Generated at Thu Apr 18 08:32:28 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.