Shulou(Shulou.com)06/02 Report--

This article mainly introduces the detailed explanation of the initialization mechanism in bash, which is introduced in great detail through the sample code, which has a certain reference value for everyone's study or work. Bash initialization File Interactive login shell

We can get a login shell in the following cases:

The top-level shell you get when logging in to the system, whether you log in through a local terminal or through a network ssh. The login shell obtained in this case is an interactive shell.

Call bash under the terminal with the-- login option to get an interactive login shell.

Call bash with the-- login option in the script (for example: #! / bin/bash-- login) to get a non-interactive login shell.

Use su-when you switch to a specified user, get the login shell for that user. If you don't use -, you get non-login shell.

When login shell starts, it first reads the global configuration of / etc/profile system, then looks for ~ / .bash_profile, ~ / .bash_login, ~ / .profile configuration files in turn, and reads the first found and readable file.

Read and execute the commands in ~ / .bash_logout when login shell exits. If the configuration file exists but is not readable, an error message is displayed; if the file does not exist, bash automatically searches for the next file.

Global environment variables such as PATH, USER, MAIL, HOSTNAME, HISTSIZE, etc. are defined by default in the / etc/profile file, and the / etc/bash.bashrc file (including system-level shell functions and aliases) is automatically imported, as well as all * .sh used for initialization for a specific program under the / etc/profile.d path.

Interactive non-login shell

Non-login shell means that you do not have to authenticate the system at startup. The terminal opened by a user in GUI defaults to non-login shell, which can be determined by the logout command:

# Open a terminal on the Ubuntu GUI desktop > logoutbash: logout: not login shell: use `exit' > bash-- login > logout # nothing will be output if you log out normally

Non-login shell only reads ~ / .bashrc resource files during initialization, and ~ / .bashrc files are automatically loaded by ~ / .bashrc or ~ / .profile, so in order to ensure that login shell and interactive non-login shell have the same configuration, environment variables are generally defined in ~ / .bashrc files.

> echo "export sflag=\" login shell will see this message\ "> > ~ / .profile > bash > echo $sflag # if this variable is not found, a blank line will be printed > exit > bash-- login > echo $sflag login shell will see this message > logout non-interactive shell

When the script is executed through the bash command, shell is started in a non-interactively manner, which ensures that the script will not be interfered with by the user during the execution of the script. When a non-interactive script starts, only the files pointed to by the BASH_ENV variable are loaded. Note, however, that since the PATH variable is not loaded by non-interactive shell by default, the value of the variable BASH_ENV should be an absolute path.

Through special variables-you can view the mode of the current shell:

> echo $- himBHs # with'i' is interactive shell

Another simple way is to check whether the prompt environment variable PS1. Exe exists in the current shell.

If [- z "$PS1"]; then echo "non-interactive"; else echo "interactive"; fi special case compatibility mode

If you call bash with the command sh, bash is initialized in the same way as sh to ensure compatibility. When starting as login shell, bash reads the / etc/profile and ~ / .profile configuration files in turn. When starting as non-login shell, bash reads only the files pointed to by the environment variable ENV.

POSIX mode

When bash is started in the following ways:

Set set-o posix or export POSIXLY_CORRECT=1bash-- posix

Bash initializes as much as possible according to the POSIX standard, reading only the files pointed to by the environment variable ENV.

Remote startup script

Only ~ / .bashrc files are loaded when using rshd remote startup scripts, but be careful not to use remote commands such as rlogin, telnet, rsh, rcp, etc., as these commands transfer unencrypted plaintext information. Try to use SSH if you need remote access.

UID and EUID do not match

The information that the process needs to run is recorded in task_struct when the process is created. Where UID (real user ID) is used to record the ID,EUID (valid user ID) of the user who created the process, which is used to determine the access level of the current process to the file. In general, UID = EUID. If the executable's set-user-ID: SUID bit is valid (for example:-rwsr-xr-x, the user's x is replaced with s), it means that when the file is executed, the process has the permissions of the file owner rather than the executor (the value of EUID is the file owner's ID).

If we set the set-user-id flag for the bash executable, because its default owner is root, when other non-root users run bash, the UID of the process will not be equal to EUID. In this case, for security, bash will not load any files during the initialization phase.

Restricted shell

When you start through rbash or bash-- restricted or bash-r, you will generate a shell with limited functionality, as shown in:

The cd command cannot be used and the command cannot contain /

SHELL, PATH, ENV, and BASH_ENV environment variables cannot be changed

The argument of the source command cannot contain a file with /

Hash-p cannot include / in the arguments of the command used to alias the path

Functions in the file are not imported and SHELLOPTS is ignored during initialization

Cannot use redirection

You cannot use the exec command

You cannot add delete commands using enable-fplink.

You cannot use command-p to specify the path needed to run a command

Cannot actively turn off restricted mode

This feature theoretically allows the user to execute specified files within a specified folder to perform limited functions, but if the environment variable is not set properly, the user can easily release the restriction:

> rbash > cd / etcrbash: cd: restricted > bash > cd / etc # can be executed successfully, because there are no restrictions in the bash environment at this time.

An effective approach is to limit the commands that can be executed by new users. For example, we can create a new ruser that can only execute ftp commands:

> useradd-s / bin/rbash ruser # set shell provided when user logs in > chown-R root:ruser / home/ruser/.bashrc / home/ruser/.bash_profile# set root as owner, ruser group as group owner (new ruser default input ruser group) > chmod 640s / home/ruser/.bashrc / home/ruser/.bash_profile# root can read and write, users in ruser group can only read and write Other users can do nothing > mkdir / home/ruser/bin # Store the user's executable files or links > echo "export PATH=/home/ruser/bin" > > / home/ruser/.bash_profile > ln-s / user/bin/ftp / home/ruser/bin/ftp

So much for this article on the detailed explanation of the initialization mechanism in bash.

Original address: https://www.linuxprobe.com/bash-initialization-mechanism.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.