ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I'm writting a shell script which right now uses bash but will soon use ksh,
the program acts as unix shell to untrusted users and only allows them to run programs/commands i specify in a text file. the problem is when executeing a command thew script(which is supposed to be allowed i get
line 51 too many arguments
the name of the script is cjsh
it seems like the problem is in the part where i test to see if the command is in the text file
# cj shell email@example.com
echo -n "$PROMPT "
if test -e /home/public/$(whoami)/.profile
# messages for user
sorry="You must validate your account to use that feature"
# no ctl c
until [ "$command" = "exit" ]; do
trap nobreak INT
echo -n $PROMPT ; read command
case $command in
command="exit" #exit shell
"telnet") echo $sorry
"ftp") echo $sorry
"ssh") echo $sorry
"exit") # do nothing
if test $command = $(grep $command /usr/local/bin/cjshell/commands.txt)
$command # execute command
echo 'cjsh: $command unkown'
echo thanks for using n3tlab
echo please validate your account soon it really helps
i know the error is not in the ".profile" becuase all it does is export the TERM, EDITOR, MAIL, PAGER
i just realized when i was messing with excuting the script, that the one word commands i specified in the text file that are scripts i wrote all seem work, but there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
If bash is started with the name rbash, or the -r option
is supplied at invocation, the shell becomes restricted.
A restricted shell is used to set up an environment more
controlled than the standard shell. It behaves identi_
cally to bash with the exception that the following are
disallowed or not performed:
· changing directories with cd
· setting or unsetting the values of SHELL, PATH,
ENV, or BASH_ENV
· specifying command names containing /
· specifying a file name containing a / as an argu_
ment to the . builtin command
· Specifying a filename containing a slash as an
argument to the -p option to the hash builtin com_
· importing function definitions from the shell envi_
ronment at startup
· parsing the value of SHELLOPTS from the shell envi_
ronment at startup
· redirecting output using the >, >|, <>, >&, &>, and
>> redirection operators
with another command
· adding or deleting builtin commands with the -f and
-d options to the enable builtin command
· specifying the -p option to the command builtin
· turning off restricted mode with set +r or set +o
These restrictions are enforced after any startup files
When a command that is found to be a shell script is exe_
cuted (see COMMAND EXECUTION above), rbash turns off any
restrictions in the shell spawned to execute the script.
So basically if you removed /bin;/usr/bin;/usr/local/bin;/usr/X11R6/bin from the users path and added $HOME/bin you could just put symlinks in $HOME/bin to any command the user is allowed to use.
Originally posted by evilchild there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
I'm not sure about the first part, but for preventing arguments you could do something like:
if [ $1 ]; then
echo "no arguments allowed, dummy"
It basically just refuses any command which includes an argument of any kind.
Hmmm...but if what you mean is that you want to accept arguments, do as /bin/bash suggested....