changeset 1:1217ea1da6d7
Ready for testing.
author | Eris Caffee <discordia@eldalin.com> |
---|---|
date | Tue, 17 May 2011 05:00:54 -0500 |
parents | c1b3644bfc04 |
children | eb4d7d34889e |
files | rm-limit.pl |
diffstat | 1 files changed, 61 insertions(+), 15 deletions(-) [+] |
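--- a/rm-limit.pl
+++ b/rm-limit.pl
@@ -18,7 +18,36 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 ################################################################################
-
+#
+# A limited rm wrapper.
+#
+# This scripts has 3 lists:
+# A blacklist of directories from which this script will absolutely refuse
+# to delete anything.
+# A whitelist of directories from which deletions are always allowed.
+# A whitelist of directories from which deletions are always allowed only if
+# they occur in subdirectories of the listed main directory.
+#
+# Any file not specified as whitelisted or blacklisted will generate a
+# warning prompt and offer the user a chance to cancel the deletion.
+#
+# The purpose is to help prevent accidental deletion of important system files.
+#
+# To use this, install this script somewher ein your path and add something
+# like the following to your default login scripts, such as the .bash_profile
+# file of the root user.
+#
+# alias | grep -q "alias rm="
+# if [ $? -eq 0 ] ; then
+# RM_Opts=$(alias | awk '/alias rm=/ { sub(/^rm /, "", $2); print $2}' FS="'")
+# fi
+#
+# unalias rm 2> /dev/null
+# alias rm="rm-limit ${RM_Opts}"
+#
+# By installing this as an alias for rm that is set up in .bash_profile, it will
+# only be active during interactive logins, and not when scripts are running.
+#
 
 use strict;
 use warnings;
@@ -27,16 +56,13 @@
 use File::Basename;
 
 
-my $debug = 1;
-
-# Any file not in either the whitelist of the blacklist will generate a warning
-# asking the user to confirm the command before proceeding.
-
 ################################################################################
 #
 # Note: / itself is protected by default. You are not allowed to delete the
 # entire filesystem using this script no matter what.
 #
+# Protecting or exposing a directory affects all subdirectories underneath it.
+#
 # The whitelist consists of directories from which we may always delete.
 
 my @whitelist = (
@@ -59,13 +85,21 @@
 
 my @blacklist = (
 '/bin/',
+ '/boot',
 '/etc',
 '/lib/',
- '/boot',
+ '/lib64',
+ '/sbin',
 );
 
 ################################################################################
 
+my $debug = 0;
+
+my $rm="/bin/rm";
+my $echo="/bin/echo";
+
+
 my $proceed = "yes";
 my $fail = 0;
 my $file = 0;
@@ -83,6 +117,10 @@
 next;
 }
 
+ if (check_whitelist_subdirs($path) ) {
+ next;
+ }
+
 $proceed = "no";
 
 if (check_blacklist($path)) {
@@ -117,9 +155,14 @@
 $proceed = <STDIN>;
 }
 
+chomp($proceed);
 if ($proceed eq "yes"){
- exec('/usr/bin/echo', ('/bin/rm', @ARGV));
-}
+ if ($debug) {
+ exec($echo, ($rm, @ARGV));
+ } else {
+ exec($rm, @ARGV);
+ }
+}
 
 ################################################################################
 # Expand to full paths, append / to ends of directories.
@@ -174,13 +217,14 @@
 my $path = normalize_name($_);
 for (my $i = 0; $i <= $#whitelist_subdirs; $i += 1) {
 $regex = "^".quotemeta($whitelist_subdirs[$i]);
- if ($whitelist_subdirs[$i] !~ m{/$}) {
- $regex = $regex."$$";
- }
 ($debug) and print("regex is $regex\n");
 if (($path =~ $regex) and ($path ne $whitelist_subdirs[$i])) {
- $debug and print("Whitelisted for being in $whitelist_subdirs[$i]: $_\n");
- return 1;
+ $regex = $regex.".*/.+";
+ ($debug) and print("new regex is $regex\n");
+ if ($path =~ $regex) {
+ $debug and print("Whitelisted for being subdir of $whitelist_subdirs[$i]: $_\n");
+ return 1;
+ }
 }
 }
 
@@ -225,8 +269,10 @@
 $whitelist[$i] = $whitelist[$i]."/";
 }
 }
+
+ # All entries on the whitelist_subdirs list _must_ be directories.
 for (my $i = 0; $i <= $#whitelist_subdirs; $i += 1) {
- if (-d $whitelist_subdirs[$i] and $whitelist_subdirs[$i] !~ m{/$}) {
+ if ($whitelist_subdirs[$i] !~ m{/$}) {
 $whitelist_subdirs[$i] = $whitelist_subdirs[$i]."/";
 }
 }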
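Review bot: The added `if (check_whitelist_subdirs($path) ) { next; }` in the main loop runs before `check_blacklist($path)`, so an allow-list match takes precedence over the blacklist that the new header comment says the script will "absolutely refuse" to delete from. The test in check_whitelist_subdirs is a textual prefix match (`"^".quotemeta(...)` extended with `.*/.+`), so its result depends on normalize_name, which is outside these hunks, having already resolved `..` and symlink components; if it has not, a path can carry a whitelisted prefix while naming a file in a protected directory. I would evaluate the blacklist first and apply the two whitelists only afterwards, and have normalize_name canonicalise with `Cwd::abs_path` if it does not already do so. Separately, `exec($rm, @ARGV);` has no failure handling; `exec($rm, @ARGV) or die "rm-limit: cannot exec $rm: $!\n";` would make a missing or non-executable /bin/rm visible instead of the wrapper ending silently. The main loop and both subs begin and end outside the hunks shown.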