7aa8a021ea
* Support readonly vtysh for sudoers (#7383) Why I did it Support readonly version of the command vtysh How I did it Check if the command starting with "show", and verify only contains single command in script. * Fix the type issue in rvtysh
23 lines
746 B
Bash
Executable File
23 lines
746 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# The command rvtysh can be run as root priviledge by any user without password, only allow to execute readonly commands.
|
|
|
|
# The options in the show command cannot contains any charactors to run multiple sub-commands potentially, such as "\n", "\r", "|", "&", "$" and ";".
|
|
if printf -- "$*" | grep -qPz '[\n\r|&$;]'; then
|
|
echo "Not allow to run the command, please use the comand 'sudo vtysh' instead." 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
# The sub commands must start with "show"
|
|
LAST_PARAM=
|
|
for param in "$@"
|
|
do
|
|
if [ "$LAST_PARAM" == "-c" ] && [[ "$param" != show* ]]; then
|
|
echo "Not allow to run the command '$param', please use the comand 'sudo vtysh' instead." 1>&2
|
|
exit 1
|
|
fi
|
|
LAST_PARAM=$param
|
|
done
|
|
|
|
vtysh "$@"
|