Ubuntu – Is quoting filenames enough security for running `xargs sudo rm -rf`

bashcommand linermscriptsSecurity

I wrote a script that deletes all except the last two files in a folder:

#!/bin/bash
ls -1 --quoting-style=shell-always /path/to/some/folder \
    | head -n -2 \
    | xargs printf -- "'/path/to/some/folder/%s'\n" \
    | xargs sudo rm -rf

This script will be executed as a cron job every day.

The reasoning is as follows:

Obtain a list of all files using ls -1 (so that I get one file per line);
Remove the last two from the list using head -n -2;
Since ls prints relative paths, use the xargs printf thing to prepend the folder path and make it an absolute path;
Send them to sudo rm -rf using xargs.

Everyone has access to this folder, so anyone can create and delete any files in this folder.

The problem is: sudo rm -rf is scary. xargs sudo rm -rf is incredibly scary.

I want to be sure that no one can damage other folders/systems by creating clever files to be deleted (either accidentally or on purpose). I don't know, something clever like:

file with / spaces.txt

which could result in a super scary sudo rm -rf /.

EDIT: My mistake, file names cannot contain /, so this specific problem wouldn't happen, but the question about whether or not there are other risks still stands.

This is why I am using --quoting-style=shell-always, this should prevent any tricks with files with spaces. But now I am wondering if someone could be extra clever with spaces and quotes in the filename, perhaps.

Is my script safe?

Note: I need sudo because I am acessing the folder remotely (from a mapped network drive using mount), and I couldn't get it to work without sudo.

Best Answer

In Linux, any character is a valid filename constituting character except:

\0 (ASCII NUL): as used for string termination in C
/ (forward slash): as used for path separation

So, your approach will definitely not work in many cases as you can imagine e.g. does it handle a newline (\n) in filename? (Hint: No).

Few notes:

Don't parse ls; use dedicated tools (there is at least one for most use cases)
When dealing with filenames, try to leverage the NUL separated output provided by almost all GNU tools that work with such data
Take care when piping, make sure both programs can understand NUL separations
Whenever you're invoking xargs, see if you can get away with find ... -exec; in most cases, you will be fine with just find alone

I think these will get you going for now. steeldriver already provided the NUL separated idea in the comment (printf -- '%s\0' /path/to/some/folder/* | head -zn -2 | xargs -0 rm), use this as a starting point.

Related Solutions

Ubuntu – How to make the shell to recognize the file names returned by a `ls -A` command, and these names contain spaces

ls -A for me writes multiple filenames on one line, separated by white space. If you tried adding -1 as in ls -A1 that would output one filename per line, and might work better for you.

I've run into the same problems with spaces in filename, espeically when using find, but separating names with a null character handles spaces & newlines in filenames:
find (...) -print0 | xargs -0 (do stuff here)

But, if you just want to rename files you might consider man rename it can do things like:

For example, to rename all files matching "*.bak" to strip the extension,
you might say
     rename 's/\.bak$//' *.bak
To translate uppercase names to lower, you'd use
     rename 'y/A-Z/a-z/' *

Or for a gui solution for a few directories Thunar has a nice Rename Multiple Files interface that can do numbering how you're describing too. I just tried some filenames with spaces combined with find to Thunar and it seems to work:
find . -type f -print0 | xargs -0 thunar -B

Ubuntu – Why isn’t this script to delete part of the command history working on the computer

In one sentence: it doesn't work because you aren't calling it correctly.

First, since your script doesn't start with #!/bin/bash, it isn't actually a bash script. Which shell it is executed by depends on how you invoke it. When you invoke it from the bash command line, bash forks a new instance of itself (this has to happen to execute any external command anyway), and it's this new instance that executes the script. So the script is executed with the same settings (including the history so far) as the parent shell. It is executed with different options; in particular, history tracking is off for the commands in the script (which suits you, since otherwise it would add to the history that you want to modify).

Whether the bash instance executing the script has the HISTFILE variable set depends on whether it was exported in the parent (which is a little weird). If it isn't exported and thus set in the child, then the child script won't save the modified history when it ends.

If HISTFILE is exported, then the child script will modify your history file. However, unless you've configured your interactive shell to reload the history after every command, the modified history will only be picked up by newly started instances of bash.

If you want to run a shell snippet that affects the current shell instance, you must run that shell in the current shell instance, instead of running it as a subprocess. You'd run into a similar problem if you wanted to do other things that affect the shell process itself, such as changing directories, setting variables, etc. Use the . (“dot”) or source builtin to run a script in the current shell process.

. idelhistory 300 365

Alternatively, you could define this as a function in your .bashrc.

Best Answer

Related Solutions

Ubuntu – How to make the shell to recognize the file names returned by a `ls -A` command, and these names contain spaces

Ubuntu – Why isn’t this script to delete part of the command history working on the computer

Related Question