Skip to content

Prevent command with a specific option to be run on your server

May 12, 2017Aurore Malherbes1 min read

One week ago, our production server was down for a few seconds because of the command supervisorctl reload had restarted the server.

Thus, I made some research to prevent the command to be run again with the reload option.

The first clue Stack Overflow gave me, was to create a new binary file with the name of this command and to change my path variable to override the native one.

This has side effects: your binary files can be used by other scripts that you don’t know of, or worse, you can introduce security breaches by changing the user’s rights of your binary file ... Moreover, this solution let you only override the whole command.

Finally, aliases saved my life (or at least, my server’s life).

To override a command, in your .bashrc file, create a function with the exact same name. For instance, if you want to make fun of one of your colleagues, you can do:

Capture d’écran 2017-05-12 à 14.28.48

More seriously, you can test the argument given to your command and specify different behaviours: and override the option(s) you want to: Capture d’écran 2017-05-12 à 14.30.51

If your command works with flags, you should use getopts, which have a nicer syntax.

With this trick you can prevent users to run --force, --rf and some other dangerous options on your production servers. But remember, as the joke shows, it’s just a safeguard, not a real security.

Please feel free to share your tips as well!