#!/bin/bash # ========== # $File: //guest/amo/scripts/triggers/restricted-commands.sh $ # $Revision: #2 $ # $Change: 28425 $ # # $Author: amo $ # $DateTimeTZ: 2021/11/30 06:37:44 -0800 PST $ # ---------- # PURPOSE: # Bash script called from pre-command trigger, firing when any user runs a command. # Checks the list of groups to which the user belongs, and if a member of the 'limited' group rejects the user's command. # # Example trigger entry; this blocks commands 'cstat', 'group', 'triggers', 'populate', 'obliterate', 'protect'. # restricted-commands command pre-user-(cstat|group|triggers|populate|obliterate|protect) "%//scripts/triggers/restricted-commands.sh% %quote%%groups%%quote% %command% %user%" # # ---------- # Next steps: # - enhance the trigger - more control/error-handling/logging? groups=$1 cmd=$2 user=$3 echo $groups | grep limited > /dev/null out=$? if [ $out = 0 ] then echo User $user is not allowed to run $cmd. exit 1; fi
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#2 | 28425 | Adam Morriss |
Updating trigger script, swapping 'command' for 'cmd'. It did work, but something may have changed in this more recent OS |
||
#1 | 24576 | Adam Morriss | Basic command trigger, blocking access to certain commands specified in the trigger definition |