Mercurial > rm-limit

changeset 1:1217ea1da6d7

find changesets by author, revision, files, or words in the commit message
Ready for testing.
author Eris Caffee <discordia@eldalin.com>
date Tue, 17 May 2011 05:00:54 -0500
parents c1b3644bfc04
children eb4d7d34889e
files rm-limit.pl
diffstat 1 files changed, 61 insertions(+), 15 deletions(-) [+]
line diff
     1.1 --- a/rm-limit.pl	Mon May 09 20:15:10 2011 -0500
     1.2 +++ b/rm-limit.pl	Tue May 17 05:00:54 2011 -0500
     1.3 @@ -18,7 +18,36 @@
     1.4  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     1.5  #
     1.6  ################################################################################
     1.7 -
     1.8 +#
     1.9 +# A limited rm wrapper.
    1.10 +#
    1.11 +# This scripts has 3 lists:
    1.12 +#     A blacklist of directories from which this script will absolutely refuse
    1.13 +#         to delete anything.
    1.14 +#     A whitelist of directories from which deletions are always allowed.
    1.15 +#     A whitelist of directories from which deletions are always allowed only if
    1.16 +#         they occur in subdirectories of the listed main directory.
    1.17 +#
    1.18 +# Any file not specified as whitelisted or blacklisted will generate a
    1.19 +# warning prompt and offer the user a chance to cancel the deletion.
    1.20 +#
    1.21 +# The purpose is to help prevent accidental deletion of important system files.
    1.22 +#
    1.23 +# To use this, install this script somewher ein your path and add something 
    1.24 +# like the following to your default login scripts, such as the .bash_profile 
    1.25 +# file of the root user.
    1.26 +#
    1.27 +#    alias | grep -q "alias rm="
    1.28 +#    if [ $? -eq 0 ] ; then
    1.29 +#	RM_Opts=$(alias | awk '/alias rm=/ { sub(/^rm /, "", $2); print $2}' FS="'")
    1.30 +#    fi
    1.31 +#
    1.32 +#    unalias rm 2> /dev/null
    1.33 +#    alias rm="rm-limit ${RM_Opts}"
    1.34 +#
    1.35 +# By installing this as an alias for rm that is set up in .bash_profile, it will
    1.36 +# only be active during interactive logins, and not when scripts are running.
    1.37 +#
    1.38  
    1.39  use strict;
    1.40  use warnings;
    1.41 @@ -27,16 +56,13 @@
    1.42  use File::Basename;
    1.43  
    1.44  
    1.45 -my $debug = 1;
    1.46 -
    1.47 -# Any file not in either the whitelist of the blacklist will generate a warning 
    1.48 -# asking the user to confirm the command before proceeding.
    1.49 -
    1.50  ################################################################################
    1.51  #
    1.52  # Note: / itself is protected by default. You are not allowed to delete the 
    1.53  # entire filesystem using this script no matter what.
    1.54  #
    1.55 +# Protecting or exposing a directory affects all subdirectories underneath it.
    1.56 +#
    1.57  # The whitelist consists of directories from which we may always delete.
    1.58  
    1.59  my @whitelist = (
    1.60 @@ -59,13 +85,21 @@
    1.61  
    1.62  my @blacklist = (
    1.63      '/bin/',
    1.64 +    '/boot',
    1.65      '/etc',
    1.66      '/lib/',
    1.67 -    '/boot',
    1.68 +    '/lib64',
    1.69 +    '/sbin',
    1.70      );
    1.71  
    1.72  ################################################################################
    1.73  
    1.74 +my $debug = 0;
    1.75 +
    1.76 +my $rm="/bin/rm";
    1.77 +my $echo="/bin/echo";
    1.78 +
    1.79 +
    1.80  my $proceed = "yes";
    1.81  my $fail = 0;
    1.82  my $file = 0;
    1.83 @@ -83,6 +117,10 @@
    1.84  	    next;
    1.85  	}
    1.86  
    1.87 +	if (check_whitelist_subdirs($path) ) {
    1.88 +	    next;
    1.89 +	}
    1.90 +
    1.91  	$proceed = "no";
    1.92  
    1.93  	if (check_blacklist($path)) {
    1.94 @@ -117,9 +155,14 @@
    1.95      $proceed = <STDIN>;
    1.96  }
    1.97  
    1.98 +chomp($proceed);
    1.99  if ($proceed eq "yes"){
   1.100 -    exec('/usr/bin/echo', ('/bin/rm', @ARGV));
   1.101 -}
   1.102 +    if ($debug) {
   1.103 +	exec($echo, ($rm, @ARGV));
   1.104 +    } else {
   1.105 +	exec($rm, @ARGV);
   1.106 +    }
   1.107 +} 
   1.108  
   1.109  ################################################################################
   1.110  # Expand to full paths, append / to ends of directories.
   1.111 @@ -174,13 +217,14 @@
   1.112      my $path = normalize_name($_);
   1.113      for (my $i = 0; $i <= $#whitelist_subdirs; $i += 1) {
   1.114  	$regex = "^".quotemeta($whitelist_subdirs[$i]);
   1.115 -	if ($whitelist_subdirs[$i] !~ m{/$}) {
   1.116 -	    $regex = $regex."$$";
   1.117 -	}
   1.118  	($debug) and print("regex is $regex\n");
   1.119  	if (($path =~ $regex) and ($path ne $whitelist_subdirs[$i])) {
   1.120 -	    $debug and print("Whitelisted for being in $whitelist_subdirs[$i]: $_\n");
   1.121 -	    return 1;
   1.122 +	    $regex = $regex.".*/.+";
   1.123 +	    ($debug) and print("new regex is $regex\n");
   1.124 +	    if ($path =~ $regex) {
   1.125 +		$debug and print("Whitelisted for being subdir of $whitelist_subdirs[$i]: $_\n");
   1.126 +		return 1;
   1.127 +	    }
   1.128  	}
   1.129      }
   1.130  
   1.131 @@ -225,8 +269,10 @@
   1.132  	    $whitelist[$i] = $whitelist[$i]."/";
   1.133  	}
   1.134      }
   1.135 +
   1.136 +    # All entries on the whitelist_subdirs list _must_ be directories.
   1.137      for (my $i = 0; $i <= $#whitelist_subdirs; $i += 1) {
   1.138 -	if (-d $whitelist_subdirs[$i]  and $whitelist_subdirs[$i] !~ m{/$}) {
   1.139 +	if ($whitelist_subdirs[$i] !~ m{/$}) {
   1.140  	    $whitelist_subdirs[$i] = $whitelist_subdirs[$i]."/";
   1.141  	}
   1.142      }