Question

有一些shell脚本问题。

在我们的办公室中，我们只设置了几个命令，当他们尝试ssh到服务器时可用于开发人员。它是在.ssh / authorized_keys文件和用户可用命令的帮助下配置的，有bash脚本：

#!/bin/sh


if [[ $1 == "--help" ]]; then
        cat <<"EOF"


        This script has the purpose to let people remote execute certain commands without logging into the system.
        For this they NEED to have a homedir on this system and uploaded their RSA public key to .ssh/authorized_keys (via ssh-copy-id)
        Then you can alter that file and add some commands in front of their key eg :

        command="/usr/bin/dev.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

        The user will do the following : ssh testuser@server tail testserver.example.com/2017/01/01/user.log

EOF

exit 0;
fi

# set global variable
set $SSH_ORIGINAL_COMMAND

# set the syslog path where the files can be found
PATH="/opt/syslog/logs"


# strip ; or any other unwanted signs out of the command, this prevents them from breaking out of the setup command
if [[ $1 != "" ]]; then
        COMMAND=$1
        COMMAND=${COMMAND//[;\`]/}
fi
if [[ $2 != "" ]]; then
        ARGU1=$2
        ARGU1=${ARGU1//[;\`]/}

fi
if [[ $3 != "" ]]; then
        ARGU2=$3
        ARGU2=${ARGU2//[;\`]/}
fi

if [[ $4 != "" ]]; then
        ARGU3=$4
        ARGU3=${ARGU3//[;\`]/}
fi

# checking for the commands
case "$COMMAND" in
   less)
        ARGU2=${ARGU1//\.\./}
        FILE=$PATH/$ARGU1
        if [ ! -f $FILE ]; then
                echo "File doesn't exist"
                exit 1;
        fi
        #echo " --------------------------------- LESS $FILE"
        /usr/bin/less $FILE
        ;;
   grep)
        if [[ $ARGU2 == "" ]]; then
                echo "Pls give a filename"
                exit 1
        fi
        if [[ $ARGU1 == "" ]]; then
                echo "Pls give a string to search for"
                exit 1
        fi
        ARGU2=${ARGU2//\.\./}
        FILE=$PATH/$ARGU2
        /usr/bin/logger -t restricted-command -- "------- $USER Executing grep $ARGU1 \"$ARGU2\" $FILE"
        if [ ! -f $FILE ]; then
                echo "File doesn't exist"
                /usr/bin/logger -t restricted-command -- "$USER Executing $@"
                exit 1;
        fi
        /bin/grep $ARGU1 $FILE

        ;;
   tail)
        if [[ $ARGU1 == "" ]]; then
                echo "Pls give a filename"
                exit 1
        fi
        ARGU1=${ARGU1//\.\./}
        FILE=$PATH/$ARGU1
        if [ ! -f $FILE ]; then
                echo "File doesn't exist"
                /usr/bin/logger -t restricted-command -- "$USER Executing $@ ($FILE)"
                exit 1;
        fi
        /usr/bin/tail -f $FILE
        ;;
   cat)
        ARGU2=${ARGU1//\.\./}
        FILE=$PATH/$ARGU1
        if [ ! -f $FILE ]; then
                echo "File doesn't exist"
                exit 1;
        fi
        /bin/cat $FILE
        ;;
   help)
        /bin/cat <<"EOF"

        # less LOGNAME (eg less testserver.example.com/YYYY/MM/DD/logfile.log)

        # grep [ARGUMENT] LOGNAME 

        # tail LOGNAME (eg tail testserver.example.com/YYYY/MM/DD/logfile.log)

        # cat LOGNAME (eg cat testserver.example.com/YYYY/MM/DD/logfile.log)

        In total the command looks like this : ssh user@testserver.example.com COMMAND [ARGUMENT] LOGFILE

EOF
        /usr/bin/logger -t restricted-command -- "$USER HELP requested $@"
        exit 1
        ;;
   *)
     /usr/bin/logger -s -t restricted-command -- "$USER Invalid command $@"
     exit 1
     ;;
esac

/usr/bin/logger -t restricted-command -- "$USER Executing $@"

问题是下一个：当我尝试执行某些命令时，它只需要第一个参数，如果我使用{n，n1，n2}在文件中进行递归 - 它不起作用：

[testuser@local ~]$ ssh testuser@syslog.server  less srv1838.example.com/2017/02/10/local1.log |grep 'srv2010' | wc -l
0
[testuser@local ~]$ ssh testuser@syslog.server  less srv2010.example.com/2017/02/10/local1.log |grep 'srv2010' | wc -l
11591
[testuser@local ~]$ ssh testuser@syslog.server  less srv{1838,2010}.example.com/2017/02/10/local1.log |grep 'srv2010' | wc -l
0
[testuser@local ~]$ ssh testuser@syslog.server  less srv{2010,1838}.example.com/2017/02/21/local1.log |grep 'srv2010' | wc -l
11591

有人可以帮助我，我如何解析\ count命令参数使其工作？谢谢你，祝你有愉快的一天！

Answer 1

bash脚本的参数数量为$#。作为一个简单的例子：

#!/bin/bash
narg=$#
typeset -i i
i=1

while [ $i -le  $narg ] ; do
    echo " $# $i: $1"
    shift
    i=$i+1
done

给出bash tst.sh a b {c,d}

 4 1: a
 3 2: b
 2 3: c
 1 4: d

在您的脚本中，要执行的命令（cat，less，...）仅显式地显示脚本的第二个参数。如果你想读取所有参数，你应该做这样的事情（注意：只提示，删除各种检查等等。）

command="$1"
shift
case $command in
(grep)  pattern="$1"
        shift 
        while [ $# -gt 0 ] ; do
            grep "$pattern" "$1"
            shift
        done
        ;;
esac

注意：在评论建议中添加了一些引号，但是，只是一个提示，您应该仔细查看引用和您自己脚本中的检查。

Answer 2

现在减少命令工作：

case "$COMMAND" in
   less)
        if [[ $ARGU1 == "" ]]; then
                echo "Pls give a filename"
                exit 1
        fi
        FILES_LIST=${@:2}
        FILE=(${FILES_LIST//\.\./})
        for v in "${FILE[@]}";do
                v=${v//[;\']/}
                if [ ! -f $v ]; then
                        echo "File doesn't exist"
                fi
                /usr/bin/less $PATH/$v
        done;;

tail命令也适用于2个或更多文件，但不幸的是我无法对两个文件执行tail -f命令。

无法将带有大括号扩展操作的字符串解析为命令

2 个答案: