Although this construct will work, I would like to suggest you redesign the script. The reason is security vulnerability that you are implicitly building into it. What if the user runs the script with "./test.sh rm -r /" (don't run this!)? Your script would execute that command obediently.
You'd be better off to stay away from 'eval', if you cannot have total control of the argument of 'eval'. In other words, invoking eval on a user-defined input can be dangerous.
You might want to hard-code the command into your script, and then just pass the argument to it, something like:
Code:
#!/bin/bash
arg=$1
#do whatever
echo $arg
and then call the script with
Code:
./test.sh "$var"
If you can show us a bigger picture of what you are trying to accomplish, we could suggest a better way to implement it.
Thanks for pointing that out.
If the user tried to delete the root directory, wouldn't it stop them because they aren't root?
Basically, I've made a bash script that runs commands passed to it on multiple devices.
Then, for scheduled tasks, I'm having the script be called with commands and variables to facilitate easier management.
The tricky part is making it so a user can do something like ./send-commands devicelist "ssh $username@$device" which I've fixed using the eval method.
Greetings,
I am wrapping the monitoring commands like vmstat, sar, iostat and call via arguments
I want ./unix_stats.sh -v vmstat -p <SEC> -d <Duration>
to give vmstat values, and similarly iostat etc.,.
Also if I give ./unix_stats.sh -v vmstat -i iostat -p <SEC> -d <Duration> should give... (4 Replies)
Hi All,
My query is as below:
Am basically writing a parser script.
My input file has got some variables which are populated by the calling program.
callig program:
fun1("cat","dog","cow")
input.*
argument first
argument second
I want to write a script that should give me... (4 Replies)
Hi All,
i have script like below..
echo "1) first option"
echo ""
echo "2) second option"
echo ""
echo "*) please enter the correct option"
read select
case $select in
1) echo "first option selected"
;;
2) echo "second option selected"
;;
*) echo "please enter the correct... (4 Replies)
Hi all
I have got a file digits.data containing the following data
1 3 4
2 4 9
7 3 1
7 3 10
I am writing a script that will pass an argument from C-shell to nawk command. But it seems the values in the nawk comman does not get set. the program does not print no values out. Here is the... (2 Replies)
Hello all,
New to C and I'm trying to write a program which can run a unix command. Would like to have the option of giving the user the ability to enter arguments e.g for "ls" be able to run "ls -l".
I would appreciate any help.
Thanks
#include <stdio.h>
#include <unistd.h>
#include... (3 Replies)
Hi all:
I'm trying to pass an argument to a command but it's being difficult.
#!/bin/bash
set -xv
if ; then
echo "More than 1 argument entered"
echo "Please enter a month using 3 character names, ie, Jan, Mar, Apr, Dec" && exit 1
fi
if ; then
echo "Please enter a month using... (2 Replies)
Hi,
I have a script that is scheduled with cron and runs every night. The cron part looks like this:
00 20 * * 0,1,2,3,4,5,6 /usr/local/bin/BACKUP TBTARM HOT DELETE
My issue is with the 3rd parameter. Somewhere in the script, i want to tell the script to delete some files if the 3rd... (7 Replies)
How to pass the alphabet character as a argument in case and in if block?
ex:
c=$1
if a-z ]]
then
echo "alphabet"
case $1 in
a-z) echo "the value is a alphabet"
edit by bakunin: please use CODE-tags. We REALLY mean it. (9 Replies)
Hi,
I have a .pcap.gz file and I would like to initially gzip it and then pass the resulting .pcap filename as an argument to a piped tool; the right-hand tool is not standardized linux tool but a custom one that strictly requires the string name of a given .pcap file in order for the pcap file... (2 Replies)
I am trying to pass a second argument like so:
if ] then
export ARG2=$2
else
message "Second argument not specified: USAGE - $PROGRAM_NAME ARG1 ARG2"
checkerror -e 2 -m "Please specify if it is a history or weekly (H or W) extract in the 2nd argument"
fi
however, it always goes... (4 Replies)
Discussion started by: MIA651
4 Replies
LEARN ABOUT PHP
setuid
SETUID(1) General Commands Manual SETUID(1)NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)