Confirmation prompt for chmod, chown

Question

I'm just trying to add a confirmation prompt to a few linux commands like chmod and chown.

I've tried to google this but I can't find much information on the topic.

While searching I found out that there is a solution for rm using the -i option, though that can be overwritten with -f

However there is safe-rm package which you can install on your server which blacklists certain important directories which is quite a good solution, but sadly there is no similar package for chmod and chown.

So my ideal solution would be where chmod and chown have confirmation prompts and also certain directories are blacklisted from being chmod-ed and chown-ed.

Any answers much appreciated !!!

Answer 1

The commands chown (1) and chmod (1) do not natively have sunch an option. If you want to add that functionality then you either:

1. Have to change the source and recompile.
2. Or write a wrapper.

The first option is the cleanest. The second the easier. If you get stuck writing that then you need a new question which is likely a better fit for [SO], but briefly:

1) move chmod somewhere else. e.g. mv /bin/chmod /bin/chmold.therealthing

2) Create an executable script called chmod which does what you want (and which calls the real chmod).

Untested something from a non-shell script person (aka me:)

#!/usr/bin/env bash
echo "/bin/chmod (Shell script) called with these arguments:"
echo $@

read -p "Are you sure you want to do this? (y/n) " RESPONSE
if [ "$RESPONSE" = "y" ]; then
    exec /bin/chmod.therealthing $@        
else
    echo "OK, aborting."
fi

if you want more granular control then the script rapidly becomes more complex. Stiill, of you wish you could parse the input and execute a chmod for every file (after checking for a valid syntax).

Answer 2

A solution in bash would be to use shell functions and aliases. You could put them in /etc/bashrc or ~/.bashrc if you only want them for specific users. Here's some function and alias definitions you could use to do something like what you asked.

DANGERLIST=/etc/dangerous.paths

_dangerouspath() {
        file=$(readlink -e "$1")
        [ -z "${file}" ] && return 1

        while read pattern
        do
                [[ "${file}" =~ ^${pattern}$ ]] && return 0
        done < ${DANGERLIST}

        return 1
}

_checkpaths() {
        shift
        while [ -n "$1" ]
        do
                [[ "X$1" =~ ^X[^-].* ]] && _dangerouspath $1 && return 0
                shift
        done

        return 1
}

_saferun() {
        p="$1"
        shift
        if _checkpaths $*
        then
                read -p "Are you sure you want to do this? (y/n) " r && [ "$r" = "y" ]  && $p $*
        else
                $p $*
        fi
}

alias chown="_saferun /bin/chown"
alias chgrp="_saferun /bin/chgrp"
alias chmod="_saferun /bin/chmod"

You'd need to create a list of paths you want to protect in "$DANGERLIST" (/etc/dangerous.paths) which would be something like

/
/home
/etc.*
/usr/bin.*
/bin.*