0

I need to verify if a particular file system has the noexec option set.

For example /dev/shm. I am running the command in the following manner:

get_val=$(mount|grep /dev/shm )
if [[ -z get_val ]] ; then
   # Error
else
   value=$(echo "${get_val}" | cut -d " " -f 6 | grep noexec)
   if [ "${value}" = "" ]; then
     # Not set
   else
     # Set
    fi
fi

The value of get_val is something like devshm on /dev/shm type devshm (rw,noexec,nosuid,gid=5,mode=0620)

Next what I want to do is check if gid and mode has been set to a certain value. However, with the above procedure, I can only check if an option is set.

So I tried this:

echo "${get_val}"| cut -d " " -f 6 | awk -F, '{
if ($4 == "gid=123"){
print 1;
}
else
{ print 0;}
if ($5 == "mode=123)"){
print 1;
}
else
{ print 0;}'

However, this seems too hassle-ish and I am not sure what will be the better way to do this.

Also other parameters could be set in a filesystem such as nodev etc which would make $5 or $2 different.

any suggestions?

CoderBC
  • 1,262
  • 2
  • 13
  • 30

3 Answers3

1

Looks like you really should be turning to Awk even for the basic processing.

if mount | awk '$1 == "/dev/shm" && $6 ~ /(^|,)noexec(,|$)/ &&
    $6 ~ /(^|,)gid=123(,|$)/ && $6 ~ /(^|,)mode=123(,|$)/ { exit 0 }
  END { exit 1 }'
then
    echo fine
else
    echo fail
fi

The (^|,) and (,|$) anchors are to make sure the matches are bracketed either by commas or beginning/end of field, to avoid partial matches (like mode=1234).

Getting Awk to set its return code so it can be used idiomatically in an if condition is a little bit of a hassle, but a good general idea to learn.

tripleee
  • 175,061
  • 34
  • 275
  • 318
  • `/dev/shm` might not be the first argument output in the line, as you can see in the sample output i have provided – CoderBC Jun 24 '16 at 10:02
  • Right - convert to a regex then, or examine `$3` instead of `$1` if it's always the third field. – tripleee Jun 24 '16 at 10:11
0

Why not directly use globbing with [[:

[[ ${get_val} == *\(*gid=5*\)* ]] && echo 'Matched'

Similarly, with "mode=0620":

[[ ${get_val} == *\(*mode=0620*\)* ]] && echo 'Matched'

If you prefer Regex way:

[[ ${get_val} =~ \(.*gid=5.*\) ]] && echo 'Matched'
[[ ${get_val} =~ \(.*mode=0620.*\) ]] && echo 'Matched'
heemayl
  • 39,294
  • 7
  • 70
  • 76
  • There is a catch here: If the mountpoint path contains `gid=5` (say `/tmp/gid=5` or stupid `/dev/shm-who-uses-such-weird-names-gid=5`) these regex will match & give wrong results. So, we should match substring of `$get_val`, to match only the options part of the result... – anishsane Jun 22 '16 at 06:47
  • No, now this will return `Matched`, even if there is no match in the line. e.g. try with `get_val='devshm on /dev/shm type devshm (rw,noexec,nosuid,gid=5)'` `[[ ${get_val} == *(*mode=0620*)* ]] && echo 'Matched'` – anishsane Jun 22 '16 at 07:10
  • @anishsane Good catch, thanks. Forgot about the `extglob`-ing. Check now. – heemayl Jun 22 '16 at 07:14
  • `get_val='devshm on /dev/shm type devshm (rw,noexec,nosuid,gid=5)' [[ ${get_val} == *\(*gid=58*\)* ]] && echo 'Matched'` also matches – CoderBC Jun 22 '16 at 07:59
0

Sorry if this is stupid, but isn't it as simple as

mount | grep -E '^/dev/shm.*noexec' && value=1
((value)) && #Do something useful

If you wist to check multiple fields you can pipe the grep like below :

mount | grep -E '^/dev/shm.*noexec' \
| grep -E 'gid=5.*mode=0620|mode=0620.*gid=5' >/dev/null && value=1

((value==1)) && #Do something useful
Мона_Сах
  • 322
  • 3
  • 12