Solved

Execution upon directory entrance?

Posted on 2004-03-26
17
349 Views
Last Modified: 2010-04-21
Just curious

If this is not possible, you'll still receive full credit saying "not possible"

But I was wondering if unix can automatically execute a script, (shell script or perl), upon entering a directory.

For example, lets say:

/usr/bin contains a script called "file_filter.sh".

Now, lets just say that "file_filter.sh" just contains a command like: ls -lart | grep -i ramble

So, we do this:

# pwd
/
# cd temp
# cd website
# cd Ramble
-rwx------   1 ramble    user       2166 Mar 19 11:21 index.html
-rw-------   1 ramble    user        877 Mar 19 11:21 something.cgi
drwx------   6 ramble    user        512 Mar 25 09:01 ..
-rwx------   1 ramble    user        852 Mar 26 11:22 README
drwxr-xr-x   2 ramble    user        512 Mar 26 14:38 .
#pwd
/temp/website/Ramble

So, upon entering the Ramble directory, the file_filter.sh script was executed, and displayed.


thanks_ramble
0
Comment
Question by:ramble
  • 4
  • 3
  • 2
  • +5
17 Comments
 
LVL 7

Assisted Solution

by:fim32
fim32 earned 50 total points
ID: 10691532
hmm, but to run a script and stay in the directory...

i would do this.  make your file_filter.sh like so:
#!/bin/sh
cd ${1}
ls -lart | grep -i ramble

then, make an alias named something like "chdir" (which doesn't exist on unix):
alias chdir=". file_filter.sh"

and then when you use chdir, it will work.

don't think you can alias cd and expect it to, tho, because the cd that you're using in your script would also get aliased... making a messy loop.
0
 
LVL 6

Assisted Solution

by:bira
bira earned 50 total points
ID: 10691973
Create an user whose home directory is /temp/website/ramble
create a .profile file to this user in this directory, containing the command:
 ls -lart | grep -i ramble

  Anytime you log as this user, the command will run
  automatically.
0
 
LVL 44

Assisted Solution

by:Karl Heinz Kremer
Karl Heinz Kremer earned 50 total points
ID: 10694445
It's not possible, this is not Windows :-) You may be able to play tricks with aliasing the cd command, but this will not work if you e.g. do a cd with the chdir system call (which would allow you to write your own cd command with e..g a Perl script that would circumvent your program).
0
 
LVL 9

Assisted Solution

by:Alf666
Alf666 earned 50 total points
ID: 10694883
Securitywise, it would be like hell with traps every other dir :-)

Imagine you are root, cd to /tmp and voila.... A nice hidden root shell script is created somewhere else.

BAAAAAD :-)
0
 

Author Comment

by:ramble
ID: 10695635

Yes, but perhaps it could be use *for* security purposes.  Kind of a tracking mechanism.  Imagine if the file_filter.sh was a mail.sh script, that would email someones pager, upon a user/power user entering/exploring areas that are otherwise restricted. (as well as logging enter time, and frequency)

Just a thought.
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10695696
I figured that you want to use this "non-feature" for security related purposes. That's why I said that it could be circumvented by very simple means.
You could modify your kernel file system drivers so that some program gets started (or the event gets logged to a log file), but short of messing with the kernel, it's not possible.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 10696663
not possible, as khkremer said.
either replace or alias cd and/or ls, that's it
but keep in mind that you need to take everywher when you alias basic system or shell commands, there're infinite dragons ...
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 10698795
ftp
ftp> !
$ cd /
$ .....
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 20

Assisted Solution

by:Gns
Gns earned 50 total points
ID: 10703812
... Just to add another "non-solution" (I agree with the above nay-sayers (Karl Heinz and Achim mainly:))... Some shells have a "prompt command feature" that you could vell use too... Horribly inefficient, and as easily fooled. For "security" of this kind we're looking at "(non-)shell menu systems" or accounting and hostbased IDSes.

-- Glenn
0
 
LVL 7

Expert Comment

by:fim32
ID: 10705990
ah, now if you really, really, really wanted to make this work... you could just rewrite the sh code?
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10707742
fim32 : Nope. As stated before. The real place is in the kernel. Though I would not want to have to write a kernel option that messes with user space files content...

If you just rewrite the shell, only the shell gets the security feature. Any other prog will circumvent it.

You'd have to add code to the chdir() and optionally open() system calls.
0
 
LVL 61

Expert Comment

by:gheist
ID: 10708083
and modify semantics of any of few thousands of syscalls and make a system unlike any other in the world ....
0
 

Author Comment

by:ramble
ID: 10715506

gheist: what are you doing with the ftp?  Just wondering what you're thinking...

0
 
LVL 61

Expert Comment

by:gheist
ID: 10716020
that you can exec any command from within ftp client, telnet client, vi editor and many more, especially alternate shell.

Have a look at jail from freebsd and systrace from openbsd, one makes restricted full system within running system subtree, another allows to imply restrictions on syscalls made by programs, there must be something alike for Linux too.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10721042
gheist, don't tell people the power of a 250kb program (vi), which they abandoned 20 years ago ;-))
0
 

Author Comment

by:ramble
ID: 10722407
Well, I undertood you were firing off a shell, but I wasn't sure what the:

$ .....

Which now, i presume, just means: etc...
0
 
LVL 61

Expert Comment

by:gheist
ID: 10723092
..... which means that you have unrestricted shell back.....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AIX 5.3 group password policy changes 7 27
How would you as a DBA (DB2) answer this question? 9 74
Hyper-threading config in Solaris 6 105
OpenLDAP Proxy to Active Directy 6 212
When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now