I just ssh-ed to some remote server and found that stdout and stderr of all commands/processes I am trying to run in bash is redirected to somewhere. So, I got following questions
我刚刚向某个远程服务器发送了sh-ed,发现我在bash中试图运行的所有命令/进程的stdout和stderr都被重定向到某个地方。我有几个问题。
How to detect:
如何检测:
1) Which file stdout, stderr is beeing rerouted in Linux?
1)stdout, stderr在Linux中被重新路由了吗?
and
和
2) And how reroute by default stdout and stderr back to /dev/tty?
2)如何在默认情况下重新路由stdout和stderr到/dev/tty?
Thank you in advance.
提前谢谢你。
4 个解决方案
#1
10
A command that should do literally what you asked for in (2) is
应该按照(2)中的要求执行的命令是
exec >/dev/tty 2>&1
But I suspect that your analysis of the problem is incorrect. It would be useful to see the output of ssh -v ... (where ... is whatever arguments you typed in your original ssh command).
但我怀疑你对这个问题的分析是错误的。可以看到ssh -v的输出…(在…是您在原始ssh命令中键入的任何参数)。
#2
8
The command:
命令:
ls -l /proc/$$/fd/{1,2}
will show you which files are open as stdout (file descriptor 1) and stderr (file descriptor 2).
将显示哪些文件是作为stdout(文件描述符1)和stderr(文件描述符2)打开的。
#3
1
It can only be done if your longing shell is started with a pipe to tee command with another console as a parameter.
只有当您渴望的shell以一个到tee命令的管道启动,并以另一个控制台作为参数时,才可以这样做。
Let me explain.
让我解释一下。
If you are logging in /dev/tty1 and someone else is logging in /dev/tty2. If you start your shell (bash) by following command all the STDOUT/STDERR will be rerouted/copied to another shell (/dev/tty2 in this case).
如果您正在登录/dev/tty1,而其他人正在登录/dev/tty2。如果您通过以下命令启动shell (bash),那么所有STDOUT/STDERR将被重新路由/复制到另一个shell(在本例中为/dev/tty2)。
bash 2>&1 | tee /dev/tty2
So, someone sitting in /dev/tty2 will see all of your activity.
所以,坐在/dev/tty2中的人会看到你所有的活动。
If someone logins shell is /bin/bash 2>&1 | tee /dev/tty2 instead of /bin/bash It'll happen every time he logs in. But I am not sure login shell can be set that way.
如果有人登录shell是/bin/bash 2>和1 | tee /dev/tty2而不是/bin/bash,每次他登录时都会发生这种情况。但是我不确定登录shell是否可以这样设置。
If someone reroutes all the output of your shell this way you can check it just by checking if any tee is running in background.
如果有人以这种方式重新运行shell的所有输出,您可以通过检查是否有任何tee在后台运行来检查它。
ps ax | grep tee
This will output something like
它会输出类似的东西
tee /dev/tty2
#4
1
An answer to your first question could be found in /proc/self/fd. It contains symlinks to the files (or other things, pipes, sockets, etc) that your bash instance is connected to.
第一个问题的答案可以在/proc/self/fd中找到它包含到您的bash实例连接到的文件(或其他东西、管道、套接字等)的符号链接。
root@mammon:~# ls -l /proc/self/fd
total 0
lrwx------ 1 root root 64 May 21 02:18 0 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 1 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15529/fd/
root@mammon:~# ls -l /proc/self/fd < /dev/null
total 0
lr-x------ 1 root root 64 May 21 02:18 0 -> /dev/null
lrwx------ 1 root root 64 May 21 02:18 1 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15536/fd/
root@mammon:~# ls -l /proc/self/fd | cat
total 0
lrwx------ 1 root root 64 May 21 02:18 0 -> /dev/pts/3
l-wx------ 1 root root 64 May 21 02:18 1 -> pipe:[497711]
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15537/fd/
root@mammon:~#
In the first example, you can see the first 3 file descriptors (which are the standard output, input, and error, respectively) all point to my pseudo-terminal /dev/pts/3. In the second example I've redirected the input to /dev/null, so the standard input file descriptor points to /dev/null. And in the final example I've sent the output of ls to cat through a pipe, and the standard input file descriptor reflects this. As far as I know there is no way to find which process has the other end of the pipe. In all examples there is the fourth file descriptor that represents the handle that ls has for reading /proc/self/fd. In this case it says /proc/15537 because /proc/self is in fact a symlink to /proc/pid where pid is the PID of the process accessing /proc/self.
在第一个示例中,您可以看到前3个文件描述符(分别是标准输出、输入和错误)都指向我的伪终端/dev/pts/3。在第二个示例中,我将输入重定向到/dev/null,因此标准输入文件描述符指向/dev/null在最后一个示例中,我通过管道将ls的输出发送给cat,标准输入文件描述符反映了这一点。就我所知,没有办法找出哪个过程与管道的另一端有关系。在所有示例中,第四个文件描述符表示ls用于读取/proc/self/fd的句柄在这种情况下,它说/proc/15537,因为/proc/self实际上是/proc/pid的一个符号链接,其中pid是访问/proc/self的进程的pid
#1
10
A command that should do literally what you asked for in (2) is
应该按照(2)中的要求执行的命令是
exec >/dev/tty 2>&1
But I suspect that your analysis of the problem is incorrect. It would be useful to see the output of ssh -v ... (where ... is whatever arguments you typed in your original ssh command).
但我怀疑你对这个问题的分析是错误的。可以看到ssh -v的输出…(在…是您在原始ssh命令中键入的任何参数)。
#2
8
The command:
命令:
ls -l /proc/$$/fd/{1,2}
will show you which files are open as stdout (file descriptor 1) and stderr (file descriptor 2).
将显示哪些文件是作为stdout(文件描述符1)和stderr(文件描述符2)打开的。
#3
1
It can only be done if your longing shell is started with a pipe to tee command with another console as a parameter.
只有当您渴望的shell以一个到tee命令的管道启动,并以另一个控制台作为参数时,才可以这样做。
Let me explain.
让我解释一下。
If you are logging in /dev/tty1 and someone else is logging in /dev/tty2. If you start your shell (bash) by following command all the STDOUT/STDERR will be rerouted/copied to another shell (/dev/tty2 in this case).
如果您正在登录/dev/tty1,而其他人正在登录/dev/tty2。如果您通过以下命令启动shell (bash),那么所有STDOUT/STDERR将被重新路由/复制到另一个shell(在本例中为/dev/tty2)。
bash 2>&1 | tee /dev/tty2
So, someone sitting in /dev/tty2 will see all of your activity.
所以,坐在/dev/tty2中的人会看到你所有的活动。
If someone logins shell is /bin/bash 2>&1 | tee /dev/tty2 instead of /bin/bash It'll happen every time he logs in. But I am not sure login shell can be set that way.
如果有人登录shell是/bin/bash 2>和1 | tee /dev/tty2而不是/bin/bash,每次他登录时都会发生这种情况。但是我不确定登录shell是否可以这样设置。
If someone reroutes all the output of your shell this way you can check it just by checking if any tee is running in background.
如果有人以这种方式重新运行shell的所有输出,您可以通过检查是否有任何tee在后台运行来检查它。
ps ax | grep tee
This will output something like
它会输出类似的东西
tee /dev/tty2
#4
1
An answer to your first question could be found in /proc/self/fd. It contains symlinks to the files (or other things, pipes, sockets, etc) that your bash instance is connected to.
第一个问题的答案可以在/proc/self/fd中找到它包含到您的bash实例连接到的文件(或其他东西、管道、套接字等)的符号链接。
root@mammon:~# ls -l /proc/self/fd
total 0
lrwx------ 1 root root 64 May 21 02:18 0 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 1 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15529/fd/
root@mammon:~# ls -l /proc/self/fd < /dev/null
total 0
lr-x------ 1 root root 64 May 21 02:18 0 -> /dev/null
lrwx------ 1 root root 64 May 21 02:18 1 -> /dev/pts/3
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15536/fd/
root@mammon:~# ls -l /proc/self/fd | cat
total 0
lrwx------ 1 root root 64 May 21 02:18 0 -> /dev/pts/3
l-wx------ 1 root root 64 May 21 02:18 1 -> pipe:[497711]
lrwx------ 1 root root 64 May 21 02:18 2 -> /dev/pts/3
lr-x------ 1 root root 64 May 21 02:18 3 -> /proc/15537/fd/
root@mammon:~#
In the first example, you can see the first 3 file descriptors (which are the standard output, input, and error, respectively) all point to my pseudo-terminal /dev/pts/3. In the second example I've redirected the input to /dev/null, so the standard input file descriptor points to /dev/null. And in the final example I've sent the output of ls to cat through a pipe, and the standard input file descriptor reflects this. As far as I know there is no way to find which process has the other end of the pipe. In all examples there is the fourth file descriptor that represents the handle that ls has for reading /proc/self/fd. In this case it says /proc/15537 because /proc/self is in fact a symlink to /proc/pid where pid is the PID of the process accessing /proc/self.
在第一个示例中,您可以看到前3个文件描述符(分别是标准输出、输入和错误)都指向我的伪终端/dev/pts/3。在第二个示例中,我将输入重定向到/dev/null,因此标准输入文件描述符指向/dev/null在最后一个示例中,我通过管道将ls的输出发送给cat,标准输入文件描述符反映了这一点。就我所知,没有办法找出哪个过程与管道的另一端有关系。在所有示例中,第四个文件描述符表示ls用于读取/proc/self/fd的句柄在这种情况下,它说/proc/15537,因为/proc/self实际上是/proc/pid的一个符号链接,其中pid是访问/proc/self的进程的pid