LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 02-03-2004, 05:13 PM   #1
evilchild
Member
 
Registered: Sep 2003
Location: 127.0.0.1
Distribution: *bsd, solaris, gentoo
Posts: 86

Rep: Reputation: 15
bash shell script problem


hi,

I'm writting a shell script which right now uses bash but will soon use ksh,
the program acts as unix shell to untrusted users and only allows them to run programs/commands i specify in a text file. the problem is when executeing a command thew script(which is supposed to be allowed i get
Code:
line 51 too many arguments
the name of the script is cjsh
it seems like the problem is in the part where i test to see if the command is in the text file

Code:
#!/usr/local/bin/bash
# cj shell seejay@n3tlab.com
function nobreak()
{
echo "unknown" 
echo -n "$PROMPT "
}
if test -e  /home/public/$(whoami)/.profile
   then  
   /home/public/$(whoami)/.profile
  else 
  /usr/local/public/bin/cjshell/.profile 
fi

# messages for user
mesg y

command=" " 
PROMPT="loser:$(pwd)$"
sorry="You must validate your account to use that feature"
# no ctl c

until [ "$command" = "exit" ]; do
trap nobreak INT

echo -n $PROMPT ; read command 

case  $command in
"logout") 
     command="exit" #exit shell
;;

"telnet") echo $sorry
;;

"ftp") echo  $sorry
;; 

"ssh") echo $sorry 
;;
"exit") # do nothing
;;
"help") clear 
        more /usr/local/bin/help
;;
*) 
 if  test $command =  $(grep $command /usr/local/bin/cjshell/commands.txt)
   then 
     $command  # execute command 
   else 
   echo 'cjsh: $command unkown' 
 fi 
esac
 

done

clear
echo  thanks for using n3tlab
echo  please validate your account soon it really helps
sleep 2

$logout

exit 0
i know the error is not in the ".profile" becuase all it does is export the TERM, EDITOR, MAIL, PAGER

thanks

Last edited by evilchild; 02-03-2004 at 05:33 PM.
 
Old 02-03-2004, 05:59 PM   #2
wapcaplet
LQ Guru
 
Registered: Feb 2003
Location: Colorado Springs, CO
Distribution: Gentoo
Posts: 2,018

Rep: Reputation: 48
Not sure, as I'm fairly new to scripting myself, but I did discover something helpful. Try running your script like this:

bash -x scriptname

That causes bash to give you a lot more information that may be useful for debugging.

If I had to guess, I'd say you should probably use double-quotes in the echo statement on line 51, instead of single-quotes. Not sure though...
 
Old 02-03-2004, 08:42 PM   #3
evilchild
Member
 
Registered: Sep 2003
Location: 127.0.0.1
Distribution: *bsd, solaris, gentoo
Posts: 86

Original Poster
Rep: Reputation: 15
hmm, on line 51 i added the following if statment

Code:
command2=$(grep "$command" /usr/local/bin/cjshell/commands.txt)
if [ $command2 = " " ]
then
 command2="nocommand" # there for will fail the test statmet
fi
and changed the test statment to
Code:
 test $command = $command2
 
Old 02-03-2004, 09:33 PM   #4
evilchild
Member
 
Registered: Sep 2003
Location: 127.0.0.1
Distribution: *bsd, solaris, gentoo
Posts: 86

Original Poster
Rep: Reputation: 15
i just realized when i was messing with excuting the script, that the one word commands i specified in the text file that are scripts i wrote all seem work, but there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
 
Old 02-07-2004, 06:09 AM   #5
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Code:
RESTRICTED SHELL
       If bash is started with the name rbash, or the  -r  option
       is  supplied  at invocation, the shell becomes restricted.
       A restricted shell is used to set up an  environment  more
       controlled  than  the  standard shell.  It behaves identi_
       cally to bash with the exception that  the  following  are
       disallowed or not performed:

       ·      changing directories with cd

       ·      setting  or  unsetting  the  values of SHELL, PATH,
              ENV, or BASH_ENV

       ·      specifying command names containing /

       ·      specifying a file name containing a / as  an  argu_
              ment to the .  builtin command

       ·      Specifying  a  filename  containing  a  slash as an
              argument to the -p option to the hash builtin  com_
              mand

       ·      importing function definitions from the shell envi_
              ronment at startup

       ·      parsing the value of SHELLOPTS from the shell envi_
              ronment at startup

       ·      redirecting output using the >, >|, <>, >&, &>, and
              >> redirection operators

              with another command

       ·      adding or deleting builtin commands with the -f and
              -d options to the enable builtin command

       ·      specifying the -p option  to  the  command  builtin
              command

       ·      turning  off  restricted mode with set +r or set +o
              restricted.

       These restrictions are enforced after  any  startup  files
       are read.

       When  a command that is found to be a shell script is exe_
       cuted (see COMMAND EXECUTION above), rbash turns  off  any
       restrictions in the shell spawned to execute the script.

So basically if you removed /bin;/usr/bin;/usr/local/bin;/usr/X11R6/bin from the users path and added $HOME/bin you could just put symlinks in $HOME/bin to any command the user is allowed to use.
 
Old 02-07-2004, 06:11 AM   #6
snacky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 286

Rep: Reputation: 30
That's handy advice there -- and it's hard to argue with this kind of advice when it comes with someone called "/bin/bash"
 
Old 02-07-2004, 10:24 AM   #7
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Thanks snacky. I like doughnuts.

Didn't mean to ignore your problem evilchild just to let you know there are other options.

As for passing options to the commands from your script you will need to pass the variable $@
 
Old 02-08-2004, 10:09 PM   #8
mikshaw
LQ Addict
 
Registered: Dec 2003
Location: Maine, USA
Distribution: Slackware/SuSE/DSL
Posts: 1,320

Rep: Reputation: 45
Quote:
Originally posted by evilchild
there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
I'm not sure about the first part, but for preventing arguments you could do something like:
Code:
if [ $1 ]; then
echo "no arguments allowed, dummy"
fi
It basically just refuses any command which includes an argument of any kind.

Hmmm...but if what you mean is that you want to accept arguments, do as /bin/bash suggested....

Last edited by mikshaw; 02-08-2004 at 10:10 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
help with bash shell script !! taiwf Linux - Newbie 5 06-11-2006 06:07 PM
bash shell script problem sorno Programming 1 07-30-2005 05:02 AM
bash shell script problem shanenin Linux - Software 5 02-09-2004 09:22 PM
bash/shell script mikis Programming 2 10-14-2003 11:39 AM
bash shell script MaryM Linux - Newbie 0 02-15-2002 11:45 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration