HPE Community
Operating System - HP-UX
1831131 Members
2724 Online
110020 Solutions
New Discussion

Re: echo command

 
malay boy
Trusted Contributor

‎05-28-2007 05:30 PM

‎05-28-2007 05:30 PM

echo command

Hi ,
I have this script test.sh as below:

for x in "${*}"
do
echo $x > /tmp/rub.log
done

But the problem is is if I do below :

./test.sh `pwd`

when I do :

#more /tmp/rub.log
/tmp

What i intend to do is so that even if I put in

#./test.sh `pwd`
#more /tmp/rub.log
`pwd`

any help please

Regards
mB
There are three person in my team-Me ,myself and I.
0 Kudos
Reply
7 REPLIES 7
Steven Schweda
Honored Contributor

‎05-28-2007 06:05 PM

‎05-28-2007 06:05 PM

Re: echo command

The shell expands:
`pwd`
into:
/tmp
(or whatever it is), so your script sees
only:
/tmp
(or whatever), not:
`pwd`
.

You could use apostrophes to quote the thing:
./test.sh '`pwd`'
0 Kudos
Reply
malay boy
Trusted Contributor

‎05-28-2007 06:23 PM

‎05-28-2007 06:23 PM

Re: echo command

Thanks ..

But the problem is i cannot control the user input ..

So we might have user doing ./test.sh `rm -rf *` and it will damage the system.

We are trying to play around with the script whether we can avoid this.

Any idea how ?
There are three person in my team-Me ,myself and I.
0 Kudos
Reply
Andrew Young_2
Honored Contributor

‎05-28-2007 06:25 PM

‎05-28-2007 06:25 PM

Re: echo command

Hi.

The other way would be to Escape the special characters instead of putting them in quotes.

So it would read

#./test.sh \`pwd\`

The problem with quoting is that shells evaluate single quotes(') and double quotes (") differently and this can be confusing especially to shell script novices.

HTH

Andrew Y
Si hoc legere scis, nimis eruditionis habes
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎05-28-2007 06:40 PM

‎05-28-2007 06:40 PM

Re: echo command

> So we might have user doing ./test.sh
> `rm -rf *` and it will damage the system.

If the user can damage the system that way,
then why couldn't he do it more easily by
just saying:
rm -rf *
?
Why would he need your script to cause
trouble?

> We are trying to play around with the
> script whether we can avoid this.

Good luck. As I said, your script never
sees:
`pwd`
or:
`rm -rf *`
The shell evaluates those expressions before
it passes the output to your script.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-28-2007 07:35 PM

‎05-28-2007 07:35 PM

Re: echo command

It is silly to do this: "${*}"
It is the same as ${*}. If you want each quoted you must use: "${@}"
0 Kudos
Reply
Tony Abo
Occasional Advisor

‎05-30-2007 12:47 AM

‎05-30-2007 12:47 AM

Re: echo command

It sounds like you really want to write your own shell so you can parse the commands yourself and decide what is or isn't appropriate to execute.

There is the restricted shell (rsh) that prevents certain kinds of command execution.
0 Kudos
Reply
Tony Berry
Valued Contributor

‎06-01-2007 09:00 AM

‎06-01-2007 09:00 AM

Re: echo command

I think the other Tony is closest... sounds like mB wants to create a chroot'd jailed shell for users. HP-UX Restricted shell might be the easiest, unless he wants his users to have very limited abilities, then he should probably just write a 'case' statement script:

case ${RSH_CMD} in
rm)
echo "No way, Jose."
;;
ls)
/usr/bin/ls
;;
mv)
if [ "${USERNAME}" = "Tony" ]; then
/usr/bin/mv
else
echo "No way, Jose."
fi
;;
*)
echo "Not a supported command."
;;
esac

Anyway, you get the idea.
Unix is boss.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.