X-Git-Url: https://git.madduck.net/code/molly-guard.git/blobdiff_plain/048c6a97f910e0dc1401015065cf56ff9bc86e19..ac6d0fc0d68fb8e81bc815eb65808a820e2bac07:/shutdown?ds=sidebyside diff --git a/shutdown b/shutdown index 2489827..be733b7 100755 --- a/shutdown +++ b/shutdown @@ -1,15 +1,16 @@ #!/bin/sh # -# shutdown -- wrapper script to prevent erroneous shutdowns via SSH +# shutdown -- wrapper script to guard against accidental shutdowns # # Copyright © martin f. krafft # Released under the terms of the Artistic Licence 2.0 # -# $Id: shutdown 299 2006-10-16 14:40:47Z madduck $ -# set -eu ME=molly-guard +VERSION=0.4 +SCRIPTSDIR=/etc/molly-guard/run.d +SCRIPTSDIR="${0%/*}/run.d" CMD="${0##*/}" EXEC="/sbin/$CMD" @@ -34,29 +35,31 @@ esac usage() { cat <<-_eousage - Usage: $ME [options] + Usage: $ME [options] [-- script options] (shielding $EXEC) + + molly-guard's primary goal is to guard against accidental + shutdowns/reboots. $ME will run all scripts in $SCRIPTSDIR and only + invokes $EXEC if all scripts exited successfully. + + Specifying --molly-guard-do-nothing as argument to the command will + make $ME echo the command it would execute rather than actually + executing it. - Instead of invoking $EXEC directly, $ME will prompt the user for the - machine's hostname to guard against accidental shutdowns/reboots, if the - current shell is a child of an SSH connection (or --pretend-ssh) has been - given on the command line, if the shell is connected to an interactive - terminal, and the actual command to execute is does not involve --help or is - \`shutdown -c'. + Options following the double hyphen will be passed unchanged to the + scripts. - Only if the user enters the machine's hostname correctly will $ME take - action. Specifying --molly-guard-do-nothing as argument to the command will - make $ME echo the command it would execute rather than actually executing - it. + Please see molly-guard(8) for more information. The actual command's help output follows: _eousage } -ARGS= +CMDARGS= +SCRIPTARGS= +END_OF_ARGS=0 DO_NOTHING=0 -PRETEND_SSH=0 for arg in "$@"; do case "$arg" in (*-molly-guard-do-nothing) DO_NOTHING=1;; @@ -65,18 +68,24 @@ for arg in "$@"; do eval $EXEC --help 2>&1 exit 0 ;; - (*-pretend-ssh) PRETEND_SSH=1;; - *) ARGS="${ARGS:+$ARGS }$arg";; + --) END_OF_ARGS=1;; + *) + if [ $END_OF_ARGS -eq 0 ]; then + CMDARGS="${args:+$args }$arg" + else + SCRIPTARGS="${args:+$args }--arg $arg" + fi + ;; esac done do_real_cmd() { if [ $DO_NOTHING -eq 1 ]; then - echo "$ME: would run: $EXEC $ARGS" + echo "$ME: would run: $EXEC $CMDARGS" exit 0 else - eval exec $EXEC "$ARGS" + eval exec $EXEC "$CMDARGS" fi } @@ -84,45 +93,26 @@ if [ $DO_NOTHING -eq 1 ]; then echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing." fi -# require an interactive terminal connected to stdin -test -t 0 || do_real_cmd - -# only run if we are being called over SSH, that is if the current terminal -# was created by sshd. -PTS=$(readlink /proc/$$/fd/0) -if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null; then - if [ $PRETEND_SSH -eq 1 ]; then - echo "I: this is not an SSH session, but --pretend-ssh was given..." - else - do_real_cmd - fi -else - echo "W: $ME: SSH session detected!" -fi - # pass through certain commands -case "$CMD $ARGS" in - (*shutdown\ *-c*) - echo "I: executing $CMD $ARGS regardless of SSH session." +case "$CMD $CMDARGS" in + (*shutdown\ *-c*) + # allow canceling shutdowns + echo "I: executing $CMD $CMDARGS regardless of check results." do_real_cmd ;; esac -HOSTNAME="$(hostname --short)" +MOLLYGUARD_CMD=$CMD; export MOLLYGUARD_CMD +MOLLYGUARD_DO_NOTHING=$DO_NOTHING; export MOLLYGUARD_DO_NOTHING +MOLLYGUARD_SETTINGS="/etc/default/$ME"; export MOLLYGUARD_SETTINGS -sigh() -{ - echo "Good thing I asked; I won't $CMD $HOSTNAME ..." - exit 2 -} - -trap 'echo;sigh' 1 2 3 9 10 12 15 - -echo -n "Please type in hostname of the machine to $CMD: " -read HOSTNAME_USER || : - -[ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh - -trap - 1 2 3 9 10 12 15 +for script in $(run-parts --test $SCRIPTSDIR); do + ret=0 + eval $script $SCRIPTARGS || ret=$? + if [ $ret -ne 0 ]; then + echo "W: aborting $CMD due to ${script##*/} exiting with code $ret." + exit $ret + fi +done do_real_cmd