I have a server with a very limited used whom I want to be able to run two very specific (and custom) instructions through SSH. In order to do that, I have set the shell for that limited user to be a custom BASH script that will only accept those two "commands".
This is the /etc/passwd for that user:
limited:x:1000:1000:,,,:/home/limited:/usr/sbin/limited_shell.bash
This is the limited_shell.bash script (well, what I have so far, which is not working properly):
#!/bin/bash
readonly RECORDER_SCRIPT="/usr/sbin/record.py"
echo "Verifying params: \$1: $1, \$2: $2"
shift
case $1 in
[0-9]*)
nc -z localhost $1 < /dev/null >/dev/null 2>&1
result=$?
if [[ $result -eq 0 ]]
then
echo "O"
else
echo "C"
fi
exit $result
;;
record)
$RECORDER_SCRIPT ${*:3}
exit $?
;;
*)
exit 0
;;
esac
exit 0
As you might deduce from the script, the two commands I want limited_shell.bash to accept are: a number and a "record" string. When limited_shell.bash is called with a number, it will return whether it corresponds with an opened or closed local port. The other allowed command triggers a call to a python script (/usr/sbin/record.py) which then records some video from an input. This second command needs to be called with extra arguments, and that's where the problems start.
When, in another machine I try to remotely execute the record command...
ssh [email protected] record -option1 foo -option2 bar
... what actually arrives to limited_shell.bash is: -c 'record -option1 foo -option2 bar' (technically two arguments, one of them being -c and the second one being the whole string command+args that I want to execute)
I thought about shifting the first argument (the -c), and split the second argument (the actual record command with arguments) by space, but that is dirty and will give me a lot of troubles if one of the parameters I want to pass to the record.py script is an string containing an space.
What is the right way of parsing the commands? I'm sure there has to be a better way than shifting and splitting.
