Filter errors from sysctl -a output

[GlyphMaster]

I want to exclude error output for which the user has no permissions.

It's unclear why grep -v is not filtering the output.

$ sysctl -a | grep 'kernel.shm...|vm.dirty' | tr = ' ' | tr -s ' '|grep -v denied

sysctl: permission denied on key 'fs.protected_hardlinks'
sysctl: permission denied on key 'fs.protected_regular'
sysctl: permission denied on key 'fs.protected_symlinks'
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
sysctl: permission denied on key 'net.core.bpf_jit_harden'
sysctl: permission denied on key 'net.core.bpf_jit_kallsyms'
sysctl: permission denied on key 'net.core.bpf_jit_limit'
sysctl: permission denied on key 'net.ipv4.tcp_fastopen_key'
sysctl: permission denied on key 'net.ipv6.conf.all.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.default.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.ens192.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.ens224.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.lo.stable_secret'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'
kernel.shm_next_id -1
kernel.shm_rmid_forced 0
kernel.shmall 1073741824
kernel.shmmax 4398046511104
kernel.shmmni 4096
vm.dirty_background_bytes 0
vm.dirty_background_ratio 3
vm.dirty_bytes 0
vm.dirty_expire_centisecs 500
vm.dirty_ratio 40
vm.dirty_writeback_centisecs 100
vm.dirtytime_expire_seconds 43200

Also tried 2> /dev/null with no love.

sysctl: permission denied on key 'fs.protected_fifos'
sysctl: permission denied on key 'fs.protected_hardlinks'
sysctl: permission denied on key 'fs.protected_regular'
sysctl: permission denied on key 'fs.protected_symlinks'

 

[Aristarchus]

Need root privileges

 

[GlyphMaster]

Need root privileges

@Aristarchus, to avoid all errors, I agree. However, that is not the question.

I want to filter out the errors and only return the output for which I do have permissions.

like this:
kernel.shm_next_id -1
kernel.shm_rmid_forced 0
kernel.shmall 1073741824
<cut>

 

[Trenix25]

/usr/sbin/sysctl -a 2> /dev/null | grep "whatever you want to see..."

Signed,

Matthew Campbell

 

[osprey]

@Trenix25 , OP already tried 2>/dev/null mentioned in post#1 but it didn't work.

@GlyphMaster ... Perhaps try the -N option to sysctl:

[ben@min ~]$ sysctl -a | grep 'kernel.shm'
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 18446744073692774399
kernel.shmmax = 18446744073692774399
kernel.shmmni = 4096
sysctl: permission denied on key 'net.core.bpf_jit_harden'
sysctl: permission denied on key 'net.core.bpf_jit_kallsyms'
sysctl: permission denied on key 'net.core.bpf_jit_limit'
sysctl: permission denied on key 'net.ipv4.tcp_fastopen_key'
sysctl: permission denied on key 'net.ipv6.conf.all.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.default.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.enp3s0.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.lo.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.wlp0s20f3.stable_secret'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'

[ben@min ~]$ sysctl -a -N | grep 'kernel.shm'
kernel.shm_next_id
kernel.shm_rmid_forced
kernel.shmall
kernel.shmmax
kernel.shmmni

 

[Trenix25]

@Trenix25 , OP already tried 2>/dev/null mentioned in post#1 but it didn't work.

@GlyphMaster ... Perhaps try the -N option to sysctl:

[ben@min ~]$ sysctl -a -e | grep 'kernel.shm'
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 18446744073692774399
kernel.shmmax = 18446744073692774399
kernel.shmmni = 4096
sysctl: permission denied on key 'net.core.bpf_jit_harden'
sysctl: permission denied on key 'net.core.bpf_jit_kallsyms'
sysctl: permission denied on key 'net.core.bpf_jit_limit'
sysctl: permission denied on key 'net.ipv4.tcp_fastopen_key'
sysctl: permission denied on key 'net.ipv6.conf.all.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.default.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.enp3s0.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.lo.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.wlp0s20f3.stable_secret'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'

[ben@min ~]$ sysctl -a -N | grep 'kernel.shm'
kernel.shm_next_id
kernel.shm_rmid_forced
kernel.shmall
kernel.shmmax
kernel.shmmni

It worked on mine.

2 ~ $ /usr/sbin/sysctl -a 2> /dev/null | grep "vm.swappiness"
vm.swappiness = 0
2 ~ $

Signed,

Matthew Campbell

 

[osprey]

It worked on mine.

2 ~ $ /usr/sbin/sysctl -a 2> /dev/null | grep "vm.swappiness"
vm.swappiness = 0
2 ~ $

Signed,

Matthew Campbell

@Trenix25 Thanks for that correction.

It appears it didn't work for the OP I think because the redirection was placed in the wrong position to get the result they wanted. Compare:

[ben@min ~]$ sysctl -a 2>/dev/null | grep "vm.swappiness"
vm.swappiness = 60

[ben@min ~]$ sysctl -a | grep "vm.swappiness" 2>/dev/null
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
sysctl: permission denied on key 'net.core.bpf_jit_harden'
sysctl: permission denied on key 'net.core.bpf_jit_kallsyms'
sysctl: permission denied on key 'net.core.bpf_jit_limit'
sysctl: permission denied on key 'net.ipv4.tcp_fastopen_key'
sysctl: permission denied on key 'net.ipv6.conf.all.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.default.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.enp3s0.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.lo.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.wlp0s20f3.stable_secret'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'
vm.swappiness = 60

And further:

[ben@min ~]$ sysctl -a 2> /dev/null| grep "kernel.shm"
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 18446744073692774399
kernel.shmmax = 18446744073692774399
kernel.shmmni = 4096

 

[Trenix25]

It is necessary to redirect the error output first before the pipe. The redirection is set up by the command shell and disposes of the error output before sending everything to grep. This is why I provided an example to show how to do it right.

Signed,

Matthew Campbell

 

[osprey]

It is necessary to redirect the error output first before the pipe. The redirection is set up by the command shell and disposes of the error output before sending everything to grep. This is why I provided an example to show how to do it right.

Signed,

Matthew Campbell

Yes, I surmised that the OP made that misplacement. It's up to them to confirm.

 

[GlyphMaster]

It worked on mine.

2 ~ $ /usr/sbin/sysctl -a 2> /dev/null | grep "vm.swappiness"
vm.swappiness = 0
2 ~ $

Signed,

Matthew Campbell

Nice Answer! grep post dump of stderr.. smart, very smart.

$ sysctl -a | grep 'kernel.shm...|vm.dirty' | tr = ' ' | tr -s ' '
error: permission denied on key 'kernel.cad_pid'
error: permission denied on key 'kernel.usermodehelper.bset'
error: permission denied on key 'kernel.usermodehelper.inheritable'

$ sysctl -a 2> /dev/null | grep 'kernel.shm...|vm.dirty' | tr = ' ' | tr -s ' '
$

 

[Trenix25]

Nice Answer! grep post dump of stderr.. smart, very smart.

$ sysctl -a | grep 'kernel.shm...|vm.dirty' | tr = ' ' | tr -s ' '
error: permission denied on key 'kernel.cad_pid'
error: permission denied on key 'kernel.usermodehelper.bset'
error: permission denied on key 'kernel.usermodehelper.inheritable'

$ sysctl -a 2> /dev/null | grep 'kernel.shm...|vm.dirty' | tr = ' ' | tr -s ' '
$

It's important to understand what's happening here.

The shell syntax tells the command shell what to do with the output from each command. If you use:

sysctl -a 2> /dev/null | grep "look for this"

then the stderr output from sysctl will be redirected to /dev/null first and the stdout output from sysctl will be piped to the grep command. If you use:

sysctl -a | grep "look for this" 2> /dev/null

then the stderr output from the sysctl command will be printed to your screen since it was never redirected or piped anywhere and the stderr output from the grep command will be redirected to /dev/null while the stdout output from the grep command will be printed to your screen. This is why you are seeing the stderr messages from the sysctl command along with the output from grep. Both commands run and print output to the screen, but they don't label that output to say what text is coming from which one.

The command shell sets up stdin, stdout, and stderr before running any of the commands on the command line. Any redirection of any of those must be set up first before calling for an exec operation. Since there is no use of && or ; on the command line then multiple commands have not been nested together to be run in sequence. Only the stdout output from sysctl is being piped to grep.

Signed,

Matthew Campbell