Prevent command with a specific option to be run on your server

Prevent command with a specific option to be run on your server

One week ago, our production server was down for a few seconds because the command supervisorctl reload had restarted the server.

Thus, I made some research to prevent the command to be run again with the reload option.

The first clue Stack Overflow gave me, was to create a new binary file with the name of this command and to change my path variable to override the native one. This has side effects: your binary files can be used by other scripts that you don’t know of, or worse, you can introduce security breaches by change the the user’s rights of your binary file … Moreover, this solution let you only override the whole command.

Finally, aliases saved my life (or at least, my server’s life).

To override a command, in your .bashrc file, create a function with the exact same name. For instance if you want to make fun of one of your colleagues, you can do:

Capture d’écran 2017-05-12 à 14.28.48

More seriously, you can test the argument given to your command and specify different behaviours: and override the option(s) you want to:

Capture d’écran 2017-05-12 à 14.30.51

If your command works with flags, you should use getopts, which have a nicer syntax.

With this trick you can prevent users to run --force, --rf and some other dangerous options on your production servers. But remember, as the joke shows, it’s just a safeguard, not a real security.

Please feel free to share your tips as well!


You liked this article? You'd probably be a good match for our ever-growing tech team at Theodo.

Join Us

  • Aurelien

    Nice. It will help to test an alias for “rm -rf” that asks the user to double check what she is doing since it’s a prod server :)