Prevent command with a specific option to be run on your server
Aurore Malherbes2 min read
One week ago, our production server was down for a few seconds because of the command supervisorctl reload
had restarted the server.
Thus, I made some research to prevent the command to be run again with the reload option.
The first clue Stack Overflow gave me, was to create a new binary file with the name of this command and to change my path variable to override the native one.
This has side effects: your binary files can be used by other scripts that you don’t know of, or worse, you can introduce security breaches by changing the user’s rights of your binary file … Moreover, this solution let you only override the whole command.
Finally, aliases saved my life (or at least, my server’s life).
To override a command, in your .bashrc file, create a function with the exact same name. For instance, if you want to make fun of one of your colleagues, you can do:
More seriously, you can test the argument given to your command and specify different behaviours: and override the option(s) you want to:
If your command works with flags, you should use getopts, which have a nicer syntax.
With this trick you can prevent users to run --force
, --rf
and some other dangerous options on your production servers. But remember, as the joke shows, it’s just a safeguard, not a real security.
Please feel free to share your tips as well!