我在想,如果他们是一种方法来防止某些命令被执行,以防止有时不良操作(例如,当你执行“rm *。py”时你想执行“rm *。pyc”或类似的东西)。Bash - 隐藏命令(防止不良操作)
人们会说用户的责任是检查他的输入,这是正确的,但无论如何我想知道是否有办法。
对于 “基本” 的事情,我们可以使用别名在我们的.bashrc这样的:
alias apt-get="echo 'We use aptitude here !'"
alias sl="echo 'Did you mean ls ?'"
但对于一些包含 “RM -f *的.py”(或 “室射频/”)参数,这个简单的把戏不起作用。 当然,我只是想要一个基本的方法来防止执行确切的命令(相同的空格和相同的参数排序将是一个好的开始)。
非常感谢你对你的答案。
好了,你可以用把自己的路组件之一中的所有其他人面前的由来已久的做法:
PATH=~/safebin:$PATH
,然后在~/safebin,你把那些“更安全”的脚本像rm:
#!/bin/bash
for fspec in "[email protected]" ; do
if [[ "${fspec: -3}" = ".py" ]] ; then
echo Not removing ${fspec}, use /bin/rm if you really want to.
else
echo Would /bin/rm "${fspec}" but for paranoia.
fi
done
为rm *该脚本输出:
Would /bin/rm chk.sh but for paranoia.
Would /bin/rm go but for paranoia.
Would /bin/rm go.sh but for paranoia.
Would /bin/rm images but for paranoia.
Would /bin/rm images_renamed but for paranoia.
Would /bin/rm infile.txt but for paranoia.
Would /bin/rm jonesforth.S but for paranoia.
Would /bin/rm jonesforth.f but for paranoia.
Would /bin/rm mycode.f but for paranoia.
Would /bin/rm num1.txt but for paranoia.
Would /bin/rm num2 but for paranoia.
Would /bin/rm num2.txt but for paranoia.
Would /bin/rm proc.pl but for paranoia.
Would /bin/rm qq but for paranoia.
Would /bin/rm qq.c but for paranoia.
Would /bin/rm qq.cpp but for paranoia.
Would /bin/rm qq.in but for paranoia.
Not removing qq.py, use /bin/rm if you really want to.
Would /bin/rm qq.rb but for paranoia.
Would /bin/rm qq.s but for paranoia.
Would /bin/rm qq1 but for paranoia.
Would /bin/rm qq2 but for paranoia.
Would /bin/rm qqq but for paranoia.
Would /bin/rm rm but for paranoia.
Would /bin/rm source.f90 but for paranoia.
Would /bin/rm test.txt but for paranoia.
Would /bin/rm xx but for paranoia.
Not removing xx.py, use /bin/rm if you really want to.
现在显然"${fspec: -3}" = ".py"是一个简单的和黑名单。我可能更喜欢有一个白名单,我被允许删除并拒绝其他一切。
下面是基于正则表达式白名单版本:
#!/bin/bash
for fspec in "[email protected]" ; do
del=0
if [[ ! -z "$(echo "${fspec}" | grep 'a.e')" ]] ; then
del=1
fi
if [[ ! -z "$(echo "${fspec}" | grep '\.[Ss]$')" ]] ; then
del=1
fi
if [[ ${del} -ne 1 ]] ; then
echo "Not removing ${fspec}, use /bin/rm if you want."
else
echo " Removing ${fspec}"
#/bin/rm "${fspec}
fi
done
,输出:
Not removing chk.sh, use /bin/rm if you want.
Not removing go, use /bin/rm if you want.
Not removing go.sh, use /bin/rm if you want.
Removing images
Removing images_renamed
Not removing infile.txt, use /bin/rm if you want.
Removing jonesforth.S
Not removing jonesforth.f, use /bin/rm if you want.
Not removing mycode.f, use /bin/rm if you want.
Not removing num1.txt, use /bin/rm if you want.
Not removing num2, use /bin/rm if you want.
Not removing num2.txt, use /bin/rm if you want.
Not removing proc.pl, use /bin/rm if you want.
Not removing qq, use /bin/rm if you want.
Not removing qq.c, use /bin/rm if you want.
Not removing qq.cpp, use /bin/rm if you want.
Not removing qq.in, use /bin/rm if you want.
Not removing qq.py, use /bin/rm if you want.
Not removing qq.rb, use /bin/rm if you want.
Removing qq.s
Not removing qq1, use /bin/rm if you want.
Not removing qq2, use /bin/rm if you want.
Not removing qqq, use /bin/rm if you want.
Not removing rm, use /bin/rm if you want.
Not removing source.f90, use /bin/rm if you want.
Not removing test.txt, use /bin/rm if you want.
Not removing xx, use /bin/rm if you want.
Not removing xx.py, use /bin/rm if you want.
感谢您的回答。毕竟这可能是最好的解决方案!我可能会考虑在python中使用一些脚本来提高可读性(如果我松散python,直接使用/ bin/rm),但是你的bash脚本似乎做得很好! – ThR37 2010-08-18 12:43:36
你也可以使用较少知道的命令“命令”(其类似于“内建”命令)来创建限制性RM包装:
help builtin command | less
# test example using ls instead of rm
function ls() {
for ((i=1; i<=$#; i++)); do
arg="${@:i:1}"
echo "arg ${i}: ${arg}"
[[ "${arg}" == \*.py ]] && { echo "Not allowed: ${arg}"; return 1; }
done
command ls "${@}"
return 0
}
ls -a
ls -a *.py
如果命令被别名或函数覆盖,您可能需要使用'builtin command ls“$ {@}”' – lesmana 2010-08-20 11:39:09
更正我的功能LS例如:
[[ "${arg}" != \*.py ]] && [[ "${arg}" == *.py ]] && \
{ echo "Not allowed: ${arg}"; return 1; }
然后:
ls -a *.py
# ... and also play with modified shell wildcard expansion behaviour ...
(shopt -s nullglob; ls -a *.py)
ThR37说:
这里的基础上,一个简短的Python脚本简单地包装命令如“rm”的想法。 猛砸包装也许是一个更好的主意,但我喜欢的Python :):
#!/usr/bin/python
# coding=UTF-8
import getopt, sys
import subprocess
import re
exprs=[]
exprs.append(re.compile(".*\.py$"));
exprs.append(re.compile(".*\.cpp$"));
exprs.append(re.compile(".*\.hpp$"));
exprs.append(re.compile("\*$"));
def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "Rrfiv", ["interactive","no-preserve-root","preserve-root","recursive","verbose","help","version"])
except getopt.GetoptError, err:
# print help information and exit:
print str(err)
usage()
optsString = "".join([opt[0]+opt[1]+" " for opt in opts]);
for arg in args:
tab = [expr.match(arg) for expr in exprs];
if tab.count(None)!=len(tab):
print "Not removing "+str(arg);
else
cmd = ["/bin/rm"]+[opt[i] for opt in opts for i in range(2) if not opt[i]=='']+[str(arg)];
rmfile = subprocess.Popen(cmd)
if __name__=="__main__":
main();
注意,它是一个扩展的通配符的外壳,让你的程序或功能将永远不会真正*参见*'* .py'。它会看到的所有内容都是通过匹配'* .py'的结果,即匹配该模式的文件列表。 (或者,如果没有,则为'* .py';如果为'shopt -s nullglob',则为空字符串。) – janmoesen 2010-08-18 11:39:41
依赖同名替换来替代'rm'等东西是个坏主意。它所需要的只是一次不可用而Bam!你的文件不见了,因为安全网不在那里。如果你想使用网络,你应该使用不同的名称(例如“安全”)。 – 2010-08-18 15:26:53
@Dennis Williamson:对,你说得对,使用不同的名字可能会更好,但实际上并不是因为你的原因(至少如果你使用你的“rm”命令就像原来的那样(没有直接利用“rm *不删除我的源代码,所以我总是可以使用它“))。但问题可能是更多的Makefiles或安装脚本,不知道你的“RM”不是一个标准的,你可以创造巨大的副作用... – ThR37 2010-08-19 08:36:58