巴什 - 隐藏命令（从坏的操作preventing） [英] Bash - Hiding command (preventing from bad manipulations)

问题描述

我在想，如果他们是一个方法来prevent在为了执行从坏的操控prevent有时一些命令（为例执行RM *。 PY 当你想要执行RM *。 PYC 或类似的东西）。

I was wondering if they was a way to prevent some commands from being executed in order to prevent from bad manipulation sometimes (for exemple you execute "rm *.py" when you wanted to execute "rm *.pyc" or something like that).

人们会说，这是用户的responsability检查他的投入和它是正确的，但我想无论如何要知道，如果有一种方法。

People will say that it's the user's responsability to check his inputs and it's right but I would like to know anyway if there's a way.

有关基本的东西，我们可以在我们的.bashrc像使用别名：

For "basic" things, we can use aliases in our bashrc like :

alias apt-get="echo 'We use aptitude here !'"
alias sl="echo 'Did you mean ls ?'"

但对于一些与参数，像RM -f *的.py（或室射频/），这简单的一招不起作用。
当然，我只是希望那个prevent确切要执行的命令（同一空间和相同的参数排序将是一个良好的开端）的一个基本方法。

But for something with arguments like "rm -f *.py" (or "rm -Rf /"), this simple trick don't work. Of course, I just want a basic method that prevent the exact command to be executed (same spaces and same arguments ordering would be a good start).

非常感谢你对你的答案。

Thank you very much for your answers.

推荐答案

好了，你可以用把自己的路径组件之一，在所有其他人面前的由来已久的做法：

Well, you can use the time-honoured approach of putting one of your own path components in front of all the others:

PATH=~/safebin:$PATH

，然后在〜/ safebin ，你把那些更安全像 RM 脚本：

and then, in ~/safebin, you put scripts that are "safer" like rm:

#!/bin/bash

for fspec in "$@" ; do
    if [[ "${fspec: -3}" = ".py" ]] ; then
        echo Not removing ${fspec}, use /bin/rm if you really want to.
    else
        echo Would /bin/rm "${fspec}" but for paranoia.
    fi
done

为 RM * 该脚本输出：

Would /bin/rm chk.sh but for paranoia.
Would /bin/rm go but for paranoia.
Would /bin/rm go.sh but for paranoia.
Would /bin/rm images but for paranoia.
Would /bin/rm images_renamed but for paranoia.
Would /bin/rm infile.txt but for paranoia.
Would /bin/rm jonesforth.S but for paranoia.
Would /bin/rm jonesforth.f but for paranoia.
Would /bin/rm mycode.f but for paranoia.
Would /bin/rm num1.txt but for paranoia.
Would /bin/rm num2 but for paranoia.
Would /bin/rm num2.txt but for paranoia.
Would /bin/rm proc.pl but for paranoia.
Would /bin/rm qq but for paranoia.
Would /bin/rm qq.c but for paranoia.
Would /bin/rm qq.cpp but for paranoia.
Would /bin/rm qq.in but for paranoia.
Not removing qq.py, use /bin/rm if you really want to.
Would /bin/rm qq.rb but for paranoia.
Would /bin/rm qq.s but for paranoia.
Would /bin/rm qq1 but for paranoia.
Would /bin/rm qq2 but for paranoia.
Would /bin/rm qqq but for paranoia.
Would /bin/rm rm but for paranoia.
Would /bin/rm source.f90 but for paranoia.
Would /bin/rm test.txt but for paranoia.
Would /bin/rm xx but for paranoia.
Not removing xx.py, use /bin/rm if you really want to.

现在显然$ {fspec：-3}=。py为是一个简单的一年黑名单。我可能会preFER有事情，我被允许删除，并拒绝一切白名单。

Now obviously the "${fspec: -3}" = ".py" is a simplistic one and a black list. I'd probably prefer to have a white list of things I was allowed to delete and deny everything else.

和这里的基于正则前pressions白名单的版本：

And here's a white list version based on regular expressions:

#!/bin/bash

for fspec in "$@" ; do
    del=0
    if [[ ! -z "$(echo "${fspec}" | grep 'a.e')" ]] ; then
        del=1
    fi
    if [[ ! -z "$(echo "${fspec}" | grep '\.[Ss]$')" ]] ; then
        del=1
    fi

    if [[ ${del} -ne 1 ]] ; then
        echo "Not removing ${fspec}, use /bin/rm if you want."
    else
        echo "    Removing ${fspec}"
        #/bin/rm "${fspec}
    fi
done

它输出：

Not removing chk.sh, use /bin/rm if you want.
Not removing go, use /bin/rm if you want.
Not removing go.sh, use /bin/rm if you want.
    Removing images
    Removing images_renamed
Not removing infile.txt, use /bin/rm if you want.
    Removing jonesforth.S
Not removing jonesforth.f, use /bin/rm if you want.
Not removing mycode.f, use /bin/rm if you want.
Not removing num1.txt, use /bin/rm if you want.
Not removing num2, use /bin/rm if you want.
Not removing num2.txt, use /bin/rm if you want.
Not removing proc.pl, use /bin/rm if you want.
Not removing qq, use /bin/rm if you want.
Not removing qq.c, use /bin/rm if you want.
Not removing qq.cpp, use /bin/rm if you want.
Not removing qq.in, use /bin/rm if you want.
Not removing qq.py, use /bin/rm if you want.
Not removing qq.rb, use /bin/rm if you want.
    Removing qq.s
Not removing qq1, use /bin/rm if you want.
Not removing qq2, use /bin/rm if you want.
Not removing qqq, use /bin/rm if you want.
Not removing rm, use /bin/rm if you want.
Not removing source.f90, use /bin/rm if you want.
Not removing test.txt, use /bin/rm if you want.
Not removing xx, use /bin/rm if you want.
Not removing xx.py, use /bin/rm if you want.

这篇关于巴什 - 隐藏命令（从坏的操作preventing）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！