I am trying to silence or suppress the rm -rf option for a particular user (venkat).
For that I am going to write a function in a script test_fun_ls.sh like below:
    #!/bin/bash
    RM_FUNCTION ()
    {
        if [ $# -ne 0 ]
        then
            case ${1} in
                -r)
                    echo "user $USER Restricted to use rm -r option"
                    ;;
                -rf)
                    echo "user $USER Restricted to use rm -rf option"
                    ;;
                -fr)
                    echo "user $USER Restricted to use rm -rf option"
                    ;;
                *)
                    echo "OK"
                    if [ $# -ge 1 ]
                    then
                        rm $@
                    else
                        rm $1
                    fi
                    ;;
            esac
        else
            echo "OK"
            rm
        fi
    }
and reading it in .bash_profile like below:

    source /home/venkat/scripts/test_fun_ls.sh
    alias ls='RM_FUNCTION'
The above is working fine, but if I use ls with /bin/rm -rf it will have no effect for the function above.
Please help.
Also, someone please advise me whether the above process is OK or not.
You can remove the execute permission from the rm command, but that will also restrict other users from executing the rm command. So, you can make a bin folder under the user's home folder containing softlinks to the executables in the /bin folder, remove just the rm softlink from the user's ~/bin folder, and set the user's default path in the ~/.bashrc file to use ~/bin to search for executables.
Note: As mentioned on the link, the user can overcome this approach by resetting $PATH. I would also suggest you try it in a dev environment first, please.
No way unless you recompile the sources. Anything you do on shell level can be circumvented. (I'm not sure if sudo would offer an option to implement this)
What would happen if another flag was in argument 1, then -rf was argument 2? I feel you would never catch it.
If you are concerned that people may delete files by mistake, you would be better to remove their access to do so, else there are many other ways to destroy things, e.g. renaming the files, overwriting etc.
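The point above, that a check on argument 1 alone never sees `-rf` in a later position, as an added example that is not part of the original thread: a scan of the whole argument list for the recursive option in its short, clustered and long forms. The names `rm_is_recursive` and `safe_rm` are hypothetical, GNU rm option parsing is assumed, and the wrapper only guards against mistakes, since `/bin/rm` can still be called directly.

```shell
#!/bin/sh
# Added example, not code from the thread. rm_is_recursive and safe_rm are
# hypothetical names; GNU rm option parsing is assumed.

# Return 0 if any argument asks rm to recurse, 1 otherwise.
rm_is_recursive() {
    for arg in "$@"; do
        case $arg in
            --)  return 1 ;;      # end of options: everything after is a file name
            --?*)                 # long option; GNU accepts unambiguous prefixes
                case --recursive in "$arg"*) return 0 ;; esac ;;
                                  # (handled before the next clause so that
                                  #  --force / --interactive do not match on "r")
            -*[rR]*) return 0 ;;  # short cluster: -r, -R, -rf, -fr, -vrf, ...
        esac
        # No break on file names: GNU rm permutes arguments, so an option
        # that follows a path (rm dir -rf) is still honoured.
    done
    return 1
}

# Refuse recursive deletes; otherwise hand the arguments to rm unchanged.
safe_rm() {
    if rm_is_recursive "$@"; then
        echo "user ${USER:-unknown} is restricted from recursive rm" >&2
        return 1
    fi
    # "$@" keeps each path as one word, so names with whitespace survive.
    # "command" skips any function or alias also named rm.
    command rm "$@"
}

# Constructed sample argument lists; nothing is deleted here.
demo() {
    for args in "-rf dir" "-v -rf dir" "dir --rec" "-f file" "-- -r"; do
        # Word splitting of $args is intended for these samples.
        if rm_is_recursive $args; then
            echo "blocked: rm $args"
        else
            echo "allowed: rm $args"
        fi
    done
}
demo
```
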
In addition to what has already been said by others, the lack of quoting with your expansions of $1 and $@ makes it impossible to remove any file with a pathname containing any whitespace characters. And, expanding on what rbatte1 said, your entire scheme is defeated by simply using any of the following:
Thanks Rudic, Ravinder Singh, rabattel, Don Cragun for enlightening me.
As I got the requirement to suppress the -rf option for the rm command for the database user,
and I don't have sudo or root access, I chose this way with my limited knowledge.
Thanks once again, all, for sharing your thoughts.
In general, doing what you want, without creating a chroot jail for that one user, will fail or break existing code for everybody else.
You need to consider - assuming you are on an open source system like Linux or FreeBSD:
change the rm source to stop printing, compile it to another directory
put the one user in a chroot jail, where the special rm and the rest of /bin /usr/bin and maybe /usr/sbin are in a separate safe location for that user. Only.
Aliasing an rm function to ls is not something I consider "avoid unrequired deletions". ls is used to list files, not to remove them.
From my point of view, I say this is not only bad coding - but harmful coding, even though the initial idea was to avoid harm.
And if it is just for fun, try this:
alias ls="echo rm ${@:-*};echo Successfully deleted: ${@:-*}"