Protecting your shell prompt when accessing a chroot

If you run any chroot environments such as schroot, they will generally set your prompt as a reminder that you are actually running within a chroot. For example with schroot, I have:

$ schroot -c oneiric
(oneiric):~$ echo hello
hello
(oneiric):~$ exit
$


When you're in the chroot, you get the chroot name prepended to the prompt (here "(oneiric)"). But if you play tricks with your prompt variables (PS1, PS2, etc) using maybe the magic bash PROMPT_COMMAND variable, you need to take care. I use screen, tmux, or byobu so need to take twice the amount of care since:

  • I modify my prompt quite extensively
  • I only have 1 window which multiplexes all my terminals
    (it's easier to make a mistake :)
The problem is that if you forget which window you're in, you may end up modifying the wrong environment - installing packages in a minimal chroot rather than in your main (non-chroot) environment, or maybe trashing your live system rather than a throw-away chroot!


The solution I've adopted is extremely simple: make use of the a simple shell feature that really should get more air-time: read-only variables. Simply modify the prompt variables in your chroot to be read-only. Once done, their value cannot be changed, so they will always show you that you're in a chroot.

To create a read-only variable with bash, use "typeset -r". For example:

$ typeset -r foo=bar
$ echo $foo
bar
$ foo=hello
bash: foo: readonly variable
$ echo $?
1
$

Here's a script fragment I run whenever I create a new chroot:

for file in /srv/chroots/*/etc/bash.bashrc
do
  grep "^PS1=.*debian_chroot" $file &>/dev/null
  if [ $? -eq 0 ]
  then
    # make variable read-only to ensure my clever prompt setting (with
    # screen, etc) don't overwrite the chroot prompt!!
    sudo sed -i 's/^\(PS1=.*$\)/typeset -r \1/g' $file
  else
    echo "ERROR: You need to ensure PS1 shows chroot name" >&2
    exit 1
  fi
done

Now, when I enter a chroot from an environment that attempts to change my prompt I get:

$ schroot -c oneiric
-bash: PS1: readonly variable
(oneiric):~$

The message is bash telling me (well, my scripts) that it will not honour the request to change the value of PS1. Yeah, it's slightly icky seeing this warning message, but it's a good reminder of what is going on.

Read-only variables have other uses, particularly for sysadmins that wish to constrain a users activities. For example, it is possible to "lock-down" PATH by making it a read-only variable. However, it's easy to get tripped up with read-onlies:

$ echo $PWD
/home/james
$ typeset -r PWD
$ cd /
-bash: PWD: readonly variable
$ echo $PWD
/home/james
$ pwd
/
$

Oops! :)

Comments

Post a Comment

Popular posts from this blog

Byobu Bling with Unicode Custom Indicators

Image
Introduction In these heady times of almost daily advances in UI pizzazz, you could be forgiven for thinking the terminal is somewhat of a dead-zone when it comes to excitement. Oh how wrong you would be though...! If you've never used  Byobu ,  Dustin's  awesome text-based window manage, sudo apt-get install it without delay to be bathed in pure terminal goodness. As shown below, byobu comes with a whole host of standard indicators, allowing the display of useful snippets of information. The indicators are minimal out of terminal-width real estate necessity, but that's also their strength - they provide just the details you really care about in a tight ASCII format. And they're cute of course :-) However, byobu has a well-kept secret: when running with the tmux backend, it supports Unicode indicators. So with the proviso that you are running " byobu-tmux " rather than " byobu-screen ", you can squeeze down those indicators even further...
Read more

Procenv 0.46 - now with more platform goodness

I have just released procenv version 0.46 . Although this is a very minor release for the existing platforms (essentially 1 bug fix), this release now introduces support for a new platform... Darwin Yup - OS X now joins the ranks of supported platforms. Although adding support for Darwin was made significantly easier as a result of the recent internal restructure of the procenv code, it did present a challenge: I don't own any Apple hardware. I could have borrowed a Macbook, but instead I decided to see this as a challenge: Could I port procenv to Darwin without actually having a local Apple system?  Well, you've just read the answer, but how did I do this? Stage 1: Docker Whilst surfing around I came across this interesting docker image: https://hub.docker.com/r/andrewd/osxcross/ It provides a Darwin toolchain that I could run under Linux. It didn't take very long to follow my own instructions on porting procenv to a new platform . But although I...
Read more

Upstart User Sessions in Ubuntu Raring

Image
Overview Ubuntu Raring now includes Upstart 1.8 . Upstart 1.7 and 1.8 combined mark a major milestone since they bring the proven power of Upstart to the user as never before: not only is Upstart now managing the system, but it is also capable of managing the default Ubuntu user's desktop sessions too. Why? Question:  Why reuse a system facility at the user level in this way? The modern Linux desktop environment is a very dynamic one: users start and stop applications, switch workspaces, search the dash, adjust personal settings in the panel, connect to different networks, hot-plug USB devices and so on. All of these activities can be represented by "events". Stepping back a second, recall that Upstart was written  from the outset  to take advantage of  the dynamic nature of a modern Linux system . Long gone are the days when a system booted serially. A modern Linux system abounds with "events" from all sorts of different sources: The user plugs or ...
Read more