Linux - 专用登陆机器上,禁止指定命令运行
需求来源
在登陆机器上,禁止指定命令运行,以确保这类机器足够流畅。
需求分析
(本例演示需要)假设需要禁止的命令有sleep
与matlab
。
程序设计
代码实现
#!/bin/bash
# Author: thesre
# Date: 2021.01.01
# singleton
[ "${FLOCKER}" != "$0" ] && exec env FLOCKER="$0" flock -en "$0" "$0" "$@" || :
cmds_to_kill="sleep matlab"
# convert 'command01 commnand02' to '\\<command01\\>|\\<command02\\>'
pattern_to_kill='\\<'`echo "$cmds_to_kill"|sed -e 's#^\s*##g' -e 's#\s*$##g'|sed -r 's#\s+#\\\\\\\\>|\\\\\\\\<#g'`'\\>'
#echo $pattern_to_kill
# get all process which need to be killed.
procs=`ps -N -u root -o pid,user,comm,tty,args:256 | awk -v pat="$pattern_to_kill" '$3 ~ pat {print}'`
#echo "$procs"
# check
[[ -z "$procs" ]] && echo "No process to be killed at this time." && exit 0
while read proc
do
pid=`echo $proc | awk '{print $1}'`
cmd=`echo $proc | awk '{print $3}'`
tty=`echo $proc | awk '{print $4}'`
pids="$pid $pids"
# kill gracefully by sending SIGTERM
kill $pid
#echo kill $pid
[[ $tty != '?' ]] && echo "$cmd has been killed because it's not allowed to be run on this dedicated host." > /dev/$tty
done <<< "$procs"
# in case of some process haven't been killed yet.
sleep 30
kill -9 $pids