I want to make a custom commands directory, that only works when the shell script are running and when the user stops the script all will fall back to the default without altering the default commands like alias in bash.
For example when you open a terminal bash automatically allows access to all commands in /sbin
or /usr/bin
or /bin
. I need to block them all because my custom commands will have the same names like cd
, cp
, mv
.
Here a fake example of what i need to do in code:
#!/bin/bash
disable_path_commands "/sbin"
disable_path_commands "/usr/local/bin"
disable_path_commands "/usr/bin"
global_commands_dir="/my_custom_commands_dir"
bash --block_default_commands "*" --allow_only_commands_from_default "sh,cd,sudo,su" --only-access-commands-from-dir "$global_commands_dir"
cd ~/
After execute the script, the user will only have access to the custom commands that are stored in /my_custom_commands_dir
, but the current dir of the user will be ~/
or the current work dir. When the user typed exit
, automatically will closed bash that have access to the /my_custom_commands_dir
, and now will all back to the normality. The user will have access to all commands, something similar to chroot
but without a complete environment for the OS, only for commands or similar to
export DEFAULT_COMMANDS_DIR="/my_custom_commands_dir"
unset /SBIN
unset /USR/BIN
Consider using "source", if you want the script to change the environment in your currently running shell. Other processes and scripts can then access the exported variables in the shell.
source myscript
This will source myscript. The file need not be executable but it must be a valid shell script. The file can be in current directory or in a directory in $PATH.
. myscript
This will also source myscript. This "spelling" is the official one as defined by POSIX. Bash defined source as an alias to the dot.
You can then copy and modify, for example, an existing .bashrc/profile file, to override the PATH with your chosen options. This will export the new settings to the currently running shell. When you are finished, source the original .bashrc/profile etc. to return to normal.
You can also research the use of the "exec" command to execute the script: The "exec" command will kill or terminate the current shell before executing "myscript". So, you will need to create the environment (PATH etc. from scratch):
#!/bin/bash
#myscript to check exec
exec /path/myRestrictedShellscript.sh
echo "This text will not be printed"
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加