2025-01-19 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 report
This article explains the initialization mechanism in bash in detail, with examples. The editor finds it quite practical and shares it here as a reference; I hope you gain something from reading it.
Bash initialization file
Interactive login shell
We can get a login shell in the following cases:
The top-level shell you get when you log in to the system, whether through a local terminal or over the network via ssh. The login shell obtained this way is an interactive shell.
Calling bash from the terminal with the --login option gives you an interactive login shell.
Calling bash in a script with the --login option (e.g. #!/bin/bash --login) gives you a non-interactive login shell.
Switching to a specified user with su - gives you that user's login shell. Without the -, you get a non-login shell.
A login shell starts by reading the global configuration in /etc/profile, then looks for ~/.bash_profile, ~/.bash_login and ~/.profile, in that order, and reads the first one that is found and readable.
When a login shell exits, it reads and executes the commands in ~/.bash_logout. If a profile file exists but is not readable, an error message is displayed; if the file does not exist, bash automatically searches for the next file.
Global environment variables such as PATH, USER, MAIL, HOSTNAME and HISTSIZE are defined by default in /etc/profile. The /etc/bashrc file (containing system-level shell functions and aliases) and all *.sh files under /etc/profile.d that initialize specific programs are also imported automatically.
Interactive non-login shell
A non-login shell is one that does not have to pass system authentication at startup. A terminal opened by the user in the GUI is a non-login shell by default, which can be confirmed with the logout command:
# Open a terminal on the Ubuntu GUI desktop
> logout
bash: logout: not login shell: use `exit'
> bash --login
> logout
# A normal logout outputs nothing
Non-login shells read only the ~/.bashrc resource file when initialized, and ~/.bashrc is automatically loaded by ~/.bash_profile or ~/.profile, so to ensure that login shells and interactive non-login shells get the same configuration, environment variables are generally defined in ~/.bashrc.
> echo "export sflag=\"login shell will see this message\"" >> ~/.profile
> bash
> echo $sflag

> exit
> bash --login
> echo $sflag
login shell will see this message
> logout
Non-interactive shell
Executing a script with bash starts the shell non-interactively, so that the script runs without user interference. When a non-interactive shell starts, only the file pointed to by the BASH_ENV variable is loaded. Note, however, that bash does not use PATH to locate this file, so the value of BASH_ENV should be an absolute path.
The special variable $- shows the current shell's mode:
> echo $-
himBHs
# a value containing 'i' means an interactive shell
Another simple check is whether the prompt variable PS1 is set in the current shell.
if [ -z "$PS1" ]; then echo "non-interactive"; else echo "interactive"; fi
Special circumstances
Compatibility mode
If bash is invoked through the sh command, it initializes the way sh does, for compatibility. When launched as a login shell, bash reads the /etc/profile and ~/.profile configuration files in turn. When launched as a non-login shell, bash reads only the file pointed to by the environment variable ENV.
POSIX mode
When bash is started in one of the following ways:
With set -o posix or export POSIXLY_CORRECT=1 in effect
bash --posix
bash initializes according to the POSIX standard as far as possible and reads only the file pointed to by the environment variable ENV.
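The startup-file rules from the sections above (login, interactive non-login, non-interactive and POSIX mode) can be observed directly. The following is an added example, not part of the original article: it builds a temporary HOME whose startup files only log their own name, then starts bash in each mode. The names probe, run_clean, env_file and trace are assumptions made for the demo.

```shell
#!/bin/sh
# Added demo: record which per-user startup files bash reads in each mode.
# Runs in a throwaway HOME; the names env_file and trace are made up for this demo.

probe() {   # usage: probe <mode>  -> prints the startup files that ran, in order
    mode=$1
    home=$(mktemp -d) || return 1
    for f in .bash_profile .bash_login .profile .bashrc env_file; do
        # when sourced, each file only appends its own name to $HOME/trace
        printf 'echo %s >> "$HOME/trace"\n' "$f" > "$home/$f"
    done
    : > "$home/trace"
    case $mode in
        login)          run_clean bash --login -c : ;;
        login-fallback) rm "$home/.bash_profile" "$home/.bash_login"
                        run_clean bash --login -c : ;;
        interactive)    run_clean bash -i -c : ;;
        script)         run_clean BASH_ENV="$home/env_file" bash -c : ;;
        script-noenv)   run_clean bash -c : ;;
        posix)          run_clean ENV="$home/env_file" bash --posix -i -c : ;;
        *)              rm -rf "$home"; return 2 ;;
    esac
    xargs < "$home/trace"        # join the recorded names with spaces
    rm -rf "$home"
}

# Clean environment (env -i) so inherited BASH_ENV/ENV/SSH_* cannot interfere;
# stdin from /dev/null so bash does not take the run for an rshd-style session.
run_clean() {
    env -i HOME="$home" PATH="$PATH" "$@" </dev/null >/dev/null 2>&1
}

for m in login login-fallback interactive script script-noenv posix; do
    printf '%-15s %s\n' "$m" "$(probe "$m")"
done
```

The login row lists only .bash_profile: bash itself does not read ~/.bashrc in a login shell, it is the distribution's default profile file that sources it.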
Remote startup
When bash is started remotely by rshd, it loads only the ~/.bashrc file. However, remote commands such as rlogin, telnet, rsh and rcp should be avoided, because they transmit information as unencrypted plaintext. If remote access is required, use SSH.
UID does not match EUID
When a process is created, the information it needs to run is recorded in task_struct. The UID (real user ID) records the ID of the user who created the process, and the EUID (effective user ID) determines the process's level of access to files; generally UID = EUID. If the set-user-ID (SUID) bit of an executable file is set (e.g. -rwsr-xr-x, where the user's x is replaced by s), then when the file is executed the process has the permissions of the file owner rather than of the user executing it (the EUID is the ID of the file owner).
If we set the set-user-ID flag on the bash executable, then, since its default owner is root, the UID of the process will not equal the EUID when bash is run by a non-root user. In that case bash does not load any files during initialization, for security reasons.
Restricted shell
Starting bash as rbash, bash --restricted or bash -r produces a shell with limited functionality. The restrictions are as follows:
The cd command cannot be used, and command names cannot contain /.
You cannot change the SHELL, PATH, ENV, and BASH_ENV environment variables.
The argument to the source command cannot be a file name containing /.
hash -p, which assigns a path to a command name, must not be given an argument containing /.
Initialization does not import functions from files and ignores SHELLOPTS
Redirection cannot be used
The exec command cannot be used.
Builtin commands cannot be added or deleted with enable -f / -d.
command -p cannot be used to specify the path required to run the command
Restricted mode cannot be actively turned off.
In theory this feature lets users execute only specified files in specified directories to carry out a limited set of tasks, but if the environment variables are not set properly, the user can easily lift the restrictions:
> rbash
> cd /etc
rbash: cd: restricted
> bash
> cd /etc
# succeeds, because we are now in a plain bash environment with no restrictions
An effective approach is to limit the commands that a new user can execute. For example, we can create a new user ruser that can only execute the ftp command:
# Create the user with a home directory and set the shell provided at login
> useradd -m -s /bin/rbash ruser
# Directory that holds the user's executables or links
> mkdir /home/ruser/bin
> echo "export PATH=/home/ruser/bin" > /home/ruser/.bash_profile
> ln -s /usr/bin/ftp /home/ruser/bin/ftp
# Once both startup files exist, make root the owner and ruser the group owner
# (a new user ruser is placed in the ruser group by default)
> chown -R root:ruser /home/ruser/.bashrc /home/ruser/.bash_profile
# root can read and write, members of the ruser group are read-only, other users have no access
> chmod 640 /home/ruser/.bashrc /home/ruser/.bash_profile
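A check for the restricted account built above, as an added example rather than code from the original article: it reports startup files or directories that still belong to the restricted user, and any shell reachable through the restricted PATH (the situation shown in the rbash session earlier). The function name audit_rbash_home and the list of shell names are assumptions; the layout (home directory with a bin subdirectory) follows the commands above.

```shell
#!/bin/sh
# Added audit sketch for an rbash account laid out as in the commands above:
# <home>/.bash_profile sets PATH=<home>/bin and <home>/bin holds the allowed commands.

audit_rbash_home() {   # usage: audit_rbash_home <home> <user-or-uid>; prints findings
    home=$1 user=$2
    # 1. The startup files stay protected only if the user cannot rename or
    #    replace them, so neither they nor their directories may belong to the user.
    for p in "$home" "$home/.bash_profile" "$home/.bashrc" "$home/bin"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune -user "$user" 2>/dev/null)" ]; then
            echo "owned-by-user: $p"
        fi
    done
    # 2. A shell inside the restricted PATH removes every restriction.
    for cmd in "$home"/bin/*; do
        [ -e "$cmd" ] || continue
        target=$(readlink -f "$cmd")           # follow links such as bin/ftp
        case ${target##*/} in
            sh|bash|dash|ash|ksh*|zsh|csh|tcsh|fish)   # assumed list of shell names
                echo "shell-in-path: ${cmd##*/} -> $target" ;;
        esac
    done
}

# Stand-alone use: audit_rbash_home /home/ruser ruser
if [ $# -eq 2 ]; then
    audit_rbash_home "$1" "$2"
fi
```

With useradd -m the home directory itself belongs to ruser, so the first check reports it; handing the directory to root closes that gap.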