Tuesday, February 5, 2008

Securing FTP in shell scripts using .netrc

Shell scripts often use FTP, and for security reasons it is advisable not to store the username and password in the scripts themselves.
Here I discuss how to secure the FTP process and restrict the sharing of usernames and passwords.

The .netrc file in the $HOME directory allows file transfers in batch mode. This file stores the machine name, login and password. The ftp command reads this information from the file and connects to the FTP server.
Each record has the format:

machine machine_name login login_name password passwd

where machine_name, login_name and passwd are the system name and the login and password for that account on the machine,
e.g. machine xyz.server.com login anonymous password xyz123

There are two ways to execute the FTP commands:
1) Create a command file and store all the FTP commands in it.
e.g. a file named command_ftp is created and saved with the following content:

bin
cd /inbound
get abcd.txt
bye

Write the following line in the shell script:

ftp xyz.server.com < command_ftp

2) The FTP commands can also be stored in the .netrc file as a macro, and they will be executed when the ftp command connects. The macro must be named init to run automatically after login, and a blank line ends the macro definition.
The .netrc file content would be something like this:

machine xyz.server.com login anonymous password xyz123
macdef init
bin
cd /inbound
get abcd.txt
bye

In this case the shell script needs only the following ftp command:
ftp xyz.server.com
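
Because .netrc holds the password in clear text, a batch job can audit the file before relying on it: the sketch below checks that group and others have no access and lists each entry without printing the password. This is an added example, not code from the original post; the function names netrc_perms_ok and netrc_summary are hypothetical, and the sample file is constructed from the post's example record.

```shell
#!/bin/sh
# Added example: audit a .netrc-format file before a batch FTP job uses it.

# netrc_perms_ok FILE: succeeds only if group and others have no access.
netrc_perms_ok() {
    # "ls -ld" prints e.g. "-rw-------"; characters 5-10 are group+other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# netrc_summary FILE: one line per entry: host login password-stored macros.
# The password value itself is never printed.
netrc_summary() {
    awk '
    function emit() {
        if (host != "") print host, login, (pw ? "yes" : "no"), macros
        host = ""; login = "-"; pw = 0; macros = "-"
    }
    in_macro { if ($0 ~ /^[ \t]*$/) in_macro = 0; next }  # blank line ends macro
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "machine")       { emit(); host = $(++i) }
            else if ($i == "default")  { emit(); host = "default" }
            else if ($i == "login")    { login = $(++i) }
            else if ($i == "password") { pw = 1; i++ }
            else if ($i == "macdef")   {
                name = $(++i)
                macros = (macros == "-" ? name : macros "," name)
                in_macro = 1; break
            }
        }
    }
    END { emit() }' "$1"
}

# Demo on a constructed sample (values taken from the post's example record).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'machine xyz.server.com login anonymous password xyz123' \
        'macdef init' 'bin' 'cd /inbound' 'get abcd.txt' 'bye' '' > "$f"
    chmod 600 "$f"
    netrc_perms_ok "$f" && echo "permissions ok" || echo "too permissive"
    netrc_summary "$f"
    rm -f "$f"
}
demo
```

A script can call netrc_perms_ok "$HOME/.netrc" and stop before invoking ftp when it fails; chmod 600 on the file fixes the finding.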

The other way of securing FTP is to use sftp (secure FTP), a network protocol that transfers files in a secure way.

9 Comments:

Anonymous said...

Congratulations Suresh, never saw that much tech info in one place.
There are no words to express the value of your SQL's.
Harry Valdivieso
USA-Miami

Suresh Vaishya said...

Thanks a lot for the sweet comment.

Suresh

Saniya07 said...

Hi Suresh,
Your posts are really easy to use and helpful. I need your help in a small innovation that I aim to do in my project (Oracle apps-AR). We have a Risk Team that FTPs us a file every fortnight and we have to manually process it by running the concurrent inbound program, for records to get populated in an interim table. The problem is that the file is FTP'ed onto our unix box (2 on each instance; there are 2 instances) and I want to automate this. I found your netrc thing really useful but can't make out how to proceed with it. Do we have to share our login credentials in the netrc file (apps id and pwd) on unix boxes on both the sides? How can rexec, rcmd commands be useful? Please let me know a step-by-step procedure to carry out this activity automatically and how it would trigger the concurrent program. Your help will be truly regarded. :)

Suresh Vaishya said...

Sorry for the late response. To answer: the login credentials of the FTP servers are to be saved in the .netrc file.

If you are triggering your program from concurrent program then the apps password is passed along by the concurrent manager. $1 is the variable that stores apps password, request ID, parameters etc. You can grep and get information out of it. Check my post http://sureshvaishya.blogspot.com/2008/03/read-concurrent-parameters-in-unix.html for more information.

Anonymous said...

Hi Suresh,

The information provided by you is extremely helpful. I would like to get clarification on few things,

Scenario:

Created a custom table xyz with 10 columns. The data is loaded from the .csv file contains 1 to 8 column values. Values for database column 9 and 10 are populated dynamically.


I am calling the SQL Loader program from the shell script and the shell script is in turn attached to the concurrent program.

When the concurrent program is run, the shell script is invoked and in turn runs the SQL Loader and loads data into the table, populating the first 8 columns. Column 9 should store the concurrent request id and column 10 should store the concurrent program run date.

Now my question is how can I pass the concurrent request id and program run date so that it is stored in the column 9 and 10 of the table?

Is there a way to pass the shell parameter value to the SQL Loader Control file?

Any help would be appreciated.

Thanks
Senthil

Anonymous said...

Now my question is how can I pass the concurrent request id and concurrent program run date to sql loader control file so that the values are inserted into column 9 and 10 of the xyz table?

Is there a way to pass the shell script parameter values to the SQL Loader Control file?

My id is senthilrjj@gmail.com

Thanks
Senthil

Suresh Vaishya said...

What is the sequence of the programs? I understand that you call the concurrent request first and then run SQL Loader and want to pass the conc. request id along with it and store it in column 9 of a table.

nicetoknow said...

Is there a way to convert all excel files in a directory into a CSV for DAT file.. Each excel can be converted into test1.csv, test2.csv.... testN.csv...? Is there a way to do it in shell.. Appreciate your time and response.

Suresh Vaishya said...

I will try to post something soon. Please check back later.

Copyright (c) All rights reserved. Presented by Suresh Vaishya