test for directory being subdir of another directory

hackware · December 4, 2007, 4:27pm

I've been using the following code to make sure a shell script only runs under a "safe" directory.
Comments/Improvements?

#!/bin/sh
#----------------------------------------------------------------------------#
#...[top].[ subdir.sh ]......................................................#
#----------------------------------------------------------------------------#
#.........william.o.yates...hackware.at.tru2life.net...tru2life.info.........#
#----------------------------------------------------------------------------#
if [ X"${2}" = "X" ];
then
  echo -e "\a.\n..\n...\n...subdir.sh parent subdir\n...\n..\n.";
else
  dir=${1};
  dir_size=${#1};
  sub=${2};  # oops...    2, not 1...
  sub_size=${#2}; # oops...   2, not 1...
  #---------------------------------------------------------------------------
  # if sub_size is less than dir_size, it can't be under parent.
  #---------------------------------------------------------------------------
  if [ ${sub_size} -lt ${dir_size} ];
  then
    echo -e ".\n..\n...\n... sub_size -lt dir_size\n...\n..\.";
  fi
  #---------------------------------------------------------------------------
  # substring sub to dir_size to then compare sub and dir
  #---------------------------------------------------------------------------
  xdir="$(echo ${sub} | head -c ${dir_size})";
  if [ ${dir} = ${xdir} ];
  then
    echo -e ".\n..\n...\n... ${sub} IS a subdir of ${dir}\n...\n..\n.";
  else
    echo -e ".\n..\n...\n... ${sub} is NOT a subdir of ${dir}\n...\n..\n.";
  fi
fi
#----------------------------------------------------------------------------#
#...[end].[ subdir.sh ]......................................................#
#----------------------------------------------------------------------------#

Smiling_Dragon · December 4, 2007, 4:42pm

I'd suggest using grep instead:

if echo "$1" | egrep "^$2" then ; echo "ok" ; else ; echo "not ok" ; fi

hackware · December 4, 2007, 4:47pm

so ^$2 is a SUBDIRECTORY of $1...?

porter · December 4, 2007, 4:59pm

(a) does not work with symbolic links,

(b) or with a partial relative path for one, and full path for other.

vgersh99 · December 4, 2007, 5:00pm

this is a bit restrictive.
how 'bout:

if echo "/tmp/foo/bar/fred" | egrep "/fred[/]*"; then  echo "ok" ; else  echo "not ok" ; fi

if echo "/tmp/foo/bar/fred" | egrep "/foo[/]*"; then  echo "ok" ; else  echo "not ok" ; fi

if echo "/tmp/foo/barbaz/fred" | egrep "/bar[/]*"; then  echo "ok" ; else  echo "not ok" ; fi

Smiling_Dragon · December 4, 2007, 7:04pm

Not sure what you're getting at there v'ger.
I'm pretty sure the OP is looking for subdirs - ie subtrings that both start at character 0 (thus the ^ symbol).

Adding the [/]* to the end of the subdir search is a good idea though. Possibly enforcing it would be better still to prevent the issue you showed (/barbaz/ vs /bar/).

vgersh99 · December 4, 2007, 7:11pm

Hmmm....... not sure if that was the OP's intent, but I've been known to wrong before.

ghostdog74 · December 4, 2007, 8:24pm

if you have the resources, you can set up restricted shell. the user that runs your script will use the restricted shell.

hackware · December 4, 2007, 10:03pm

the original requirement was to ensure a script would be run against only a subdirectory of a known "safe" directory.

ie: /usr/local/www/com would be the safe directory, and the script would only execute in a subdirectory of that...

The shell script was only for testing. And it does work, I just knew it was bloated compared what some of you guys would come up with.