Restricted Shells
Advanced Bash-Scripting Guide:
Chapter 21. Restricted Shells
Disabled commands in restricted shells
Running a script or portion of a script in restricted mode disables certain commands that would otherwise be available. This is a security measure intended to limit the privileges of the script user and to minimize possible damage from running the script.
Using cd to change the working directory.
Changing the values of the $PATH, $SHELL, $BASH_ENV, or $ENV environmental variables.
Reading or changing the $SHELLOPTS, shell environmental options.
Output redirection.
Invoking commands containing one or more /'s.
Invoking exec to substitute a different process for the shell.
Various other commands that would enable monkeying with or attempting to subvert the script for an unintended purpose.
Getting out of restricted mode within the script.
Example 21-1. Running a script in restricted mode
http://tldp.org/LDP/abs/html/restricted-sh.html (1 of 3) [7/15/2002 6:34:36 PM]
#!/bin/bash
# Starting the script with "#!/bin/bash -r"
# runs entire script in restricted mode.

echo

echo "Changing directory."
cd /usr/local
echo "Now in `pwd`"
echo "Coming back home."
cd
echo "Now in `pwd`"
echo

# Everything up to here in normal, unrestricted mode.

set -r
# set --restricted    has same effect.
echo "==> Now in restricted mode. <=="

echo
echo

echo "Attempting directory change in restricted mode."
cd ..
echo "Still in `pwd`"

echo
echo

echo "\$SHELL = $SHELL"
echo "Attempting to change shell in restricted mode."
SHELL="/bin/ash"
echo
echo "\$SHELL= $SHELL"

echo
echo

echo "Attempting to redirect output in restricted mode."
ls -l /usr/bin > bin.files
ls -l bin.files    # Try to list attempted file creation effort.

echo

exit 0
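A check that the restrictions listed in this chapter are actually enforced on a given system, as an added example that is not part of the guide. Each probe runs in its own `bash -r -c` child, so the calling shell is never restricted; the function names `is_blocked` and `audit_restricted` are made up for this example.

```bash
#!/bin/sh
# Added example: probe restricted bash with the operations from the list above.

# is_blocked CMD: succeeds (status 0) when restricted bash refuses CMD.
is_blocked() {
    ! bash -r -c "$1" </dev/null >/dev/null 2>&1
}

# audit_restricted: print one line per probe and return the number of probes
# that restricted mode failed to stop (0 means every restriction held).
audit_restricted() {
    scratch=$(mktemp -d) || return 99
    leaks=0
    while IFS='|' read -r label probe; do
        if is_blocked "$probe"; then
            echo "blocked  $label"
        else
            echo "ALLOWED  $label"
            leaks=$((leaks + 1))
        fi
    done <<EOF
cd|cd /
PATH assignment|PATH=/tmp
SHELL assignment|SHELL=/bin/sh
BASH_ENV assignment|BASH_ENV=/dev/null
output redirection|echo data > $scratch/out
command name containing a slash|/bin/sh -c true
exec|exec true
leaving restricted mode|set +r
EOF
    # A refused redirection must not have created the file either.
    if [ -e "$scratch/out" ]; then
        echo "ALLOWED  redirection created a file"
        leaks=$((leaks + 1))
    fi
    rm -rf "$scratch"
    return "$leaks"
}

audit_restricted || echo "$? restriction(s) not enforced"
```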
Chapter 22. Process Substitution
Process substitution is the counterpart to command substitution. Command substitution sets a variable to the result of a command, as in dir_contents=`ls -al` or xref=$( grep word datafile). Process substitution feeds the output of a process to another process (in other words, it sends the results of a command to another command).
Command substitution template
command within parentheses
>(command)
<(command)
These initiate process substitution. This uses /dev/fd/<n> files to send the results of the process within parentheses to another process. [1]
There is no space between the "<" or ">" and the parentheses. Space there would give an error message.
bash$ echo >(true)
/dev/fd/63
bash$ echo <(true)
/dev/fd/63
Bash creates a pipe with two file descriptors, --fIn and fOut--. The stdin of true connects to fOut (dup2(fOut, 0)), then Bash passes a /dev/fd/fIn argument to echo. On systems lacking /dev/fd/<n> files, Bash may use temporary files. (Thanks, S.C.)
http://tldp.org/LDP/abs/html/process-sub.html (1 of 3) [7/15/2002 6:34:36 PM]
cat <(ls -l)
# Same as     ls -l | cat

sort -k 9 <(ls -l /bin) <(ls -l /usr/bin) <(ls -l /usr/X11R6/bin)
# Lists all the files in the 3 main 'bin' directories, and sorts by filename.
# Note that three (count 'em) distinct commands are fed to 'sort'.

diff <(command1) <(command2)    # Gives difference in command output.

tar cf >(bzip2 -c > file.tar.bz2) "$directory_name"
# Calls "tar cf /dev/fd/?? $directory_name", and "bzip2 -c > file.tar.bz2".
# Because of the /dev/fd/<n> system feature,
# the pipe between both commands does not need to be named.
#
# This can be emulated.
#
mkfifo pipe    # The named pipe has to exist before either command opens it.
bzip2 -c < pipe > file.tar.bz2 &
tar cf pipe "$directory_name"
rm pipe
#        or
exec 3>&1
tar cf /dev/fd/4 "$directory_name" 4>&1 >&3 3>&- | bzip2 -c > file.tar.bz2 3>&-
exec 3>&-

# Thanks, S.C.
A reader of this document sent in the following interesting example of process substitution.
# Script fragment taken from SuSE distribution:

while read des what mask iface; do
  :    # Some commands ...
done < <(route -n)

# To test it, let's make it do something.
while read des what mask iface; do
  echo $des $what $mask $iface
done < <(route -n)

# Output:
# Kernel IP routing table
# Destination Gateway Genmask Flags Metric Ref Use Iface
# 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

# As S.C. points out, an easier-to-understand equivalent is:
route -n |
  while read des what mask iface; do   # Variables set from output of pipe.
    echo $des $what $mask $iface
  done  # Same output as above.
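The two loop forms above print the same output, but they differ in one respect that matters when the loop sets a variable used afterwards: in the pipeline form the loop runs in a subshell, so a counter incremented inside it is lost. The following is an added example, not code from the guide; the listing is constructed sample data and the function names are hypothetical.

```bash
#!/bin/bash
# Process substitution is a bash feature; re-run under bash if started by plain sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed "mode path" listing, standing in for the output of a real scan.
sample_listing() {
    printf '%s\n' \
        '-rwxr-xr-x /opt/app/run.sh' \
        '-rwxrwxrwx /opt/app/hook.sh' \
        '-rw-rw-rw- /opt/app/app.conf' \
        '-rw-r--r-- /opt/app/README'
}

# Pipeline form: the while loop runs in a subshell, so the increments to
# $count never reach the function that reports the result.
count_with_pipe() {
    local count=0 mode path
    sample_listing | while read -r mode path; do
        # Ninth character after the file type is the "other: write" bit.
        if [[ $mode == ????????w? ]]; then count=$((count + 1)); fi
    done
    echo "$count"
}

# Process substitution form: the loop runs in the current shell and reads
# from /dev/fd/<n>, so $count keeps its final value.
count_with_procsub() {
    local count=0 mode path
    while read -r mode path; do
        if [[ $mode == ????????w? ]]; then count=$((count + 1)); fi
    done < <(sample_listing)
    echo "$count"
}

echo "world-writable, pipeline form:             $(count_with_pipe)"
echo "world-writable, process substitution form: $(count_with_procsub)"
```

A script that acts on the pipeline form's count would report no world-writable files here even though the listing contains two.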
Notes
[1] This has the same effect as a named pipe (temp file), and, in fact, named pipes were at one time used in process substitution.