bash lore: NUL character and variables

vaab — Sat, 03 May 2014 10:29:27 +0000

Bash variables are often thought as being able to store any binary content.

Please bear in mind that it can't store NUL character, and only this one.

Here you are:

$ ascii_table() { echo -en "$(echo '\'0{0..3}{0..7}{0..7} | tr -d " ")"; }
$ ascii_table | hd
00000000  00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
00000010  10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
00000020  20 21 22 23 24 25 26 27  28 29 2a 2b 2c 2d 2e 2f  | !"#$%&'()*+,-./|
00000030  30 31 32 33 34 35 36 37  38 39 3a 3b 3c 3d 3e 3f  |0123456789:;<=>?|
00000040  40 41 42 43 44 45 46 47  48 49 4a 4b 4c 4d 4e 4f  |@ABCDEFGHIJKLMNO|
00000050  50 51 52 53 54 55 56 57  58 59 5a 5b 5c 5d 5e 5f  |PQRSTUVWXYZ[\]^_|
00000060  60 61 62 63 64 65 66 67  68 69 6a 6b 6c 6d 6e 6f  |`abcdefghijklmno|
00000070  70 71 72 73 74 75 76 77  78 79 7a 7b 7c 7d 7e 7f  |pqrstuvwxyz{|}~.|
00000080  80 81 82 83 84 85 86 87  88 89 8a 8b 8c 8d 8e 8f  |................|
00000090  90 91 92 93 94 95 96 97  98 99 9a 9b 9c 9d 9e 9f  |................|
000000a0  a0 a1 a2 a3 a4 a5 a6 a7  a8 a9 aa ab ac ad ae af  |................|
000000b0  b0 b1 b2 b3 b4 b5 b6 b7  b8 b9 ba bb bc bd be bf  |................|
000000c0  c0 c1 c2 c3 c4 c5 c6 c7  c8 c9 ca cb cc cd ce cf  |................|
000000d0  d0 d1 d2 d3 d4 d5 d6 d7  d8 d9 da db dc dd de df  |................|
000000e0  e0 e1 e2 e3 e4 e5 e6 e7  e8 e9 ea eb ec ed ee ef  |................|
000000f0  f0 f1 f2 f3 f4 f5 f6 f7  f8 f9 fa fb fc fd fe ff  |................|
00000100

But:

$ echo -n "$(ascii_table)" | hd
00000000  01 02 03 04 05 06 07 08  09 0a 0b 0c 0d 0e 0f 10  |................|
00000010  11 12 13 14 15 16 17 18  19 1a 1b 1c 1d 1e 1f 20  |............... |
00000020  21 22 23 24 25 26 27 28  29 2a 2b 2c 2d 2e 2f 30  |!"#$%&'()*+,-./0|
00000030  31 32 33 34 35 36 37 38  39 3a 3b 3c 3d 3e 3f 40  |123456789:;<=>?@|
00000040  41 42 43 44 45 46 47 48  49 4a 4b 4c 4d 4e 4f 50  |ABCDEFGHIJKLMNOP|
00000050  51 52 53 54 55 56 57 58  59 5a 5b 5c 5d 5e 5f 60  |QRSTUVWXYZ[\]^_`|
00000060  61 62 63 64 65 66 67 68  69 6a 6b 6c 6d 6e 6f 70  |abcdefghijklmnop|
00000070  71 72 73 74 75 76 77 78  79 7a 7b 7c 7d 7e 7f 80  |qrstuvwxyz{|}~..|
00000080  81 82 83 84 85 86 87 88  89 8a 8b 8c 8d 8e 8f 90  |................|
00000090  91 92 93 94 95 96 97 98  99 9a 9b 9c 9d 9e 9f a0  |................|
000000a0  a1 a2 a3 a4 a5 a6 a7 a8  a9 aa ab ac ad ae af b0  |................|
000000b0  b1 b2 b3 b4 b5 b6 b7 b8  b9 ba bb bc bd be bf c0  |................|
000000c0  c1 c2 c3 c4 c5 c6 c7 c8  c9 ca cb cc cd ce cf d0  |................|
000000d0  d1 d2 d3 d4 d5 d6 d7 d8  d9 da db dc dd de df e0  |................|
000000e0  e1 e2 e3 e4 e5 e6 e7 e8  e9 ea eb ec ed ee ef f0  |................|
000000f0  f1 f2 f3 f4 f5 f6 f7 f8  f9 fa fb fc fd fe ff     |...............|
000000ff

So bash variables (and $(...) idiom) are reasonably strong: if you know your content hasn't any NUL characters you can safely use them. All this is probably linked to the fact that command line arguments cannot hold NUL characters neither, a common string termination in C programs.

If you really need to store full binary content in a bash variable, you should think about encoding it (base64, xxd, or any format of yours).

Please understand that bash might also be able to do what you want without using variables but only pipes (stdin and stdout). They won't suffer from this limitation of course.

Using ACL on linux system to mimic samba’s “force user”

vaab — Sat, 21 May 2011 18:05:49 +0000

I'm using samba to share files across a network. I found force user and force group very usefull in a classical team working together on project.

This is the sample /etc/samba/smb.conf:

...
force user = %U
force group = dev-team
create mask = 0775
directory mask = 0775
force create mode = 0660
force directory mode = 0660
...

It ensures that any file created will receive full read, write permission for member of "dev-team" group.

But I have bunch of the user that have a direct access to these directory. And without going through samba, the policy is not enforced.

The solution is quite simple and involves linux ACL.

Install ACL

Your system should already have package acl installed. You can install it (or make sure you already have it) by typing:

apt-get install acl

Then you should edit your /etc/fstab to contain the option acl on the mounted partition you need to get. My fstab looks like:

...
UUID=9cd6deba-e3a6-427c-82e1-48cfaf0793b1 /shares ext4 defaults,acl 0 2
...

Once the /etc/fstab edited, you can remount your partition on the fly with:

mount -o remount /shares

Using ACL

I can mimick the behavior of samba's policy by simply typing:

setfacl -R -d -m u::rwx,g:dev-team:rwx,o::r-x /shares

Options are:

`-R`	is the same than -R for chown or chmod ... it will apply to subdirectory also.
`-d`	is switching to default permissions for newly created files.
`-m`	is adding the following permission rules that are expressed as: u::rwx same as chmod u+rwx g:dev-team:rwx same as chgrp dev-team AND chmod g+rwx o::r-x same as chmod o+rx

You can check ACLs of a given directory with getfacl:

$ getfacl /shares
# file: shares/assistance/
# owner: musicalta
# group: assistance
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:dev-team:rwx
default:mask::rwx
default:other::r-x

If you need more info on the topic, this blog post was of some help.

http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html

Valentin's Lab » linux

bash lore: NUL character and variables

Using ACL on linux system to mimic samba’s “force user”

Install ACL

Using ACL