ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm writting a shell script which right now uses bash but will soon use ksh,
the program acts as unix shell to untrusted users and only allows them to run programs/commands i specify in a text file. the problem is when executeing a command thew script(which is supposed to be allowed i get
Code:
line 51 too many arguments
the name of the script is cjsh
it seems like the problem is in the part where i test to see if the command is in the text file
Code:
#!/usr/local/bin/bash
# cj shell seejay@n3tlab.com
function nobreak()
{
echo "unknown"
echo -n "$PROMPT "
}
if test -e /home/public/$(whoami)/.profile
then
/home/public/$(whoami)/.profile
else
/usr/local/public/bin/cjshell/.profile
fi
# messages for user
mesg y
command=" "
PROMPT="loser:$(pwd)$"
sorry="You must validate your account to use that feature"
# no ctl c
until [ "$command" = "exit" ]; do
trap nobreak INT
echo -n $PROMPT ; read command
case $command in
"logout")
command="exit" #exit shell
;;
"telnet") echo $sorry
;;
"ftp") echo $sorry
;;
"ssh") echo $sorry
;;
"exit") # do nothing
;;
"help") clear
more /usr/local/bin/help
;;
*)
if test $command = $(grep $command /usr/local/bin/cjshell/commands.txt)
then
$command # execute command
else
echo 'cjsh: $command unkown'
fi
esac
done
clear
echo thanks for using n3tlab
echo please validate your account soon it really helps
sleep 2
$logout
exit 0
i know the error is not in the ".profile" becuase all it does is export the TERM, EDITOR, MAIL, PAGER
command2=$(grep "$command" /usr/local/bin/cjshell/commands.txt)
if [ $command2 = " " ]
then
command2="nocommand" # there for will fail the test statmet
fi
i just realized when i was messing with excuting the script, that the one word commands i specified in the text file that are scripts i wrote all seem work, but there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
RESTRICTED SHELL
If bash is started with the name rbash, or the -r option
is supplied at invocation, the shell becomes restricted.
A restricted shell is used to set up an environment more
controlled than the standard shell. It behaves identi_
cally to bash with the exception that the following are
disallowed or not performed:
· changing directories with cd
· setting or unsetting the values of SHELL, PATH,
ENV, or BASH_ENV
· specifying command names containing /
· specifying a file name containing a / as an argu_
ment to the . builtin command
· Specifying a filename containing a slash as an
argument to the -p option to the hash builtin com_
mand
· importing function definitions from the shell envi_
ronment at startup
· parsing the value of SHELLOPTS from the shell envi_
ronment at startup
· redirecting output using the >, >|, <>, >&, &>, and
>> redirection operators
with another command
· adding or deleting builtin commands with the -f and
-d options to the enable builtin command
· specifying the -p option to the command builtin
command
· turning off restricted mode with set +r or set +o
restricted.
These restrictions are enforced after any startup files
are read.
When a command that is found to be a shell script is exe_
cuted (see COMMAND EXECUTION above), rbash turns off any
restrictions in the shell spawned to execute the script.
So basically if you removed /bin;/usr/bin;/usr/local/bin;/usr/X11R6/bin from the users path and added $HOME/bin you could just put symlinks in $HOME/bin to any command the user is allowed to use.
Originally posted by evilchild there must be a better way to set which commands the script allows the users to excute, also that the scrip wont let you send arguments to commands, for exsample 'mkdir test'
I'm not sure about the first part, but for preventing arguments you could do something like:
Code:
if [ $1 ]; then
echo "no arguments allowed, dummy"
fi
It basically just refuses any command which includes an argument of any kind.
Hmmm...but if what you mean is that you want to accept arguments, do as /bin/bash suggested....
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.