?? restricted-sh.html
字號:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><HTML><HEAD><TITLE>Restricted Shells</TITLE><METANAME="GENERATOR"CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+"><LINKREL="HOME"TITLE="Advanced Bash-Scripting Guide"HREF="index.html"><LINKREL="UP"TITLE="Advanced Topics"HREF="part5.html"><LINKREL="PREVIOUS"TITLE="Subshells"HREF="subshells.html"><LINKREL="NEXT"TITLE="Process Substitution"HREF="process-sub.html"><METAHTTP-EQUIV="Content-Style-Type"CONTENT="text/css"><LINKREL="stylesheet"HREF="common/kde-common.css"TYPE="text/css"><METAHTTP-EQUIV="Content-Type"CONTENT="text/html; charset=iso-8859-1"><METAHTTP-EQUIV="Content-Language"CONTENT="en"><LINKREL="stylesheet"HREF="common/kde-localised.css"TYPE="text/css"TITLE="KDE-English"><LINKREL="stylesheet"HREF="common/kde-default.css"TYPE="text/css"TITLE="KDE-Default"></HEAD><BODYCLASS="CHAPTER"BGCOLOR="#FFFFFF"TEXT="#000000"LINK="#AA0000"VLINK="#AA0055"ALINK="#AA0000"STYLE="font-family: sans-serif;"><DIVCLASS="NAVHEADER"><TABLESUMMARY="Header navigation table"WIDTH="100%"BORDER="0"CELLPADDING="0"CELLSPACING="0"><TR><THCOLSPAN="3"ALIGN="center">Advanced Bash-Scripting Guide: An in-depth exploration of the art of shell scripting</TH></TR><TR><TDWIDTH="10%"ALIGN="left"VALIGN="bottom"><AHREF="subshells.html"ACCESSKEY="P">Prev</A></TD><TDWIDTH="80%"ALIGN="center"VALIGN="bottom"></TD><TDWIDTH="10%"ALIGN="right"VALIGN="bottom"><AHREF="process-sub.html"ACCESSKEY="N">Next</A></TD></TR></TABLE><HRALIGN="LEFT"WIDTH="100%"></DIV><DIVCLASS="CHAPTER"><H1><ANAME="RESTRICTED-SH"></A>Chapter 21. Restricted Shells</H1><P><ANAME="RESTRICTEDSHREF"></A></P><DIVCLASS="VARIABLELIST"><P><B><ANAME="DISABLEDCOMMREF"></A>Disabled commands in restricted shells</B></P><DL><DT></DT><DD><DIVCLASS="FORMALPARA"><P><B>... </B>Running a script or portion of a script in <ICLASS="FIRSTTERM">restricted</I> mode disables certain commands that would otherwise be available. This is a security measure intended to limit the privileges of the script user and to minimize possible damage from running the script.</P></DIV></DD><DT></DT><DD><DIVCLASS="FORMALPARA"><P><B>... </B>Using <TTCLASS="REPLACEABLE"><I>cd</I></TT> to change the working directory.</P></DIV></DD><DT></DT><DD><P>Changing the values of the <TTCLASS="REPLACEABLE"><I>$PATH</I></TT>, <TTCLASS="REPLACEABLE"><I>$SHELL</I></TT>, <TTCLASS="REPLACEABLE"><I>$BASH_ENV</I></TT>, or <TTCLASS="REPLACEABLE"><I>$ENV</I></TT> <AHREF="othertypesv.html#ENVREF">environmental variables</A>.</P></DD><DT></DT><DD><P>Reading or changing the <TTCLASS="REPLACEABLE"><I>$SHELLOPTS</I></TT>, shell environmental options.</P></DD><DT></DT><DD><P>Output redirection.</P></DD><DT></DT><DD><P>Invoking commands containing one or more <SPANCLASS="TOKEN">/'s</SPAN>.</P></DD><DT></DT><DD><P>Invoking <AHREF="internal.html#EXECREF">exec</A> to substitute a different process for the shell.</P></DD><DT></DT><DD><P>Various other commands that would enable monkeying with or attempting to subvert the script for an unintended purpose.</P></DD><DT></DT><DD><P>Getting out of restricted mode within the script.</P></DD></DL></DIV><DIVCLASS="EXAMPLE"><HR><ANAME="RESTRICTED"></A><P><B>Example 21-1. Running a script in restricted mode</B></P><TABLEBORDER="0"BGCOLOR="#E0E0E0"WIDTH="100%"><TR><TD><PRECLASS="PROGRAMLISTING"> 1 #!/bin/bash 2 3 # Starting the script with "#!/bin/bash -r" 4 #+ runs entire script in restricted mode. 5 6 echo 7 8 echo "Changing directory." 9 cd /usr/local 10 echo "Now in `pwd`" 11 echo "Coming back home." 12 cd 13 echo "Now in `pwd`" 14 echo 15 16 # Everything up to here in normal, unrestricted mode. 17 18 set -r 19 # set --restricted has same effect. 20 echo "==> Now in restricted mode. <==" 21 22 echo 23 echo 24 25 echo "Attempting directory change in restricted mode." 26 cd .. 27 echo "Still in `pwd`" 28 29 echo 30 echo 31 32 echo "\$SHELL = $SHELL" 33 echo "Attempting to change shell in restricted mode." 34 SHELL="/bin/ash" 35 echo 36 echo "\$SHELL= $SHELL" 37 38 echo 39 echo 40 41 echo "Attempting to redirect output in restricted mode." 42 ls -l /usr/bin > bin.files 43 ls -l bin.files # Try to list attempted file creation effort. 44 45 echo 46 47 exit 0</PRE></TD></TR></TABLE><HR></DIV></DIV><DIVCLASS="NAVFOOTER"><HRALIGN="LEFT"WIDTH="100%"><TABLESUMMARY="Footer navigation table"WIDTH="100%"BORDER="0"CELLPADDING="0"CELLSPACING="0"><TR><TDWIDTH="33%"ALIGN="left"VALIGN="top"><AHREF="subshells.html"ACCESSKEY="P">Prev</A></TD><TDWIDTH="34%"ALIGN="center"VALIGN="top"><AHREF="index.html"ACCESSKEY="H">Home</A></TD><TDWIDTH="33%"ALIGN="right"VALIGN="top"><AHREF="process-sub.html"ACCESSKEY="N">Next</A></TD></TR><TR><TDWIDTH="33%"ALIGN="left"VALIGN="top">Subshells</TD><TDWIDTH="34%"ALIGN="center"VALIGN="top"><AHREF="part5.html"ACCESSKEY="U">Up</A></TD><TDWIDTH="33%"ALIGN="right"VALIGN="top">Process Substitution</TD></TR></TABLE></DIV></BODY></HTML>?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -