How to disable vim commands in vimrc to secure vim [closed] - command

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm trying to disable the 'r' and 'o' commands in vim so people who use it can't open other files from within vim.
I tried to use the cmap r <Nop> and cmap o <Nop>, which work but have an undesirable side-effect... those 2 letters can never be used in vim command line nor when searching for something...
If you try to search for the word, "word" the search line displays: /wd.
So is there another way to disable opening files from with vimrc ?

If you really want to secure Vim (and not just provide a superficial appearance of certain disallowed features), you have to remove those features from the source code and compile (and test!) a limited version of Vim. (Or maybe you can use a operating-system wrapper that sandboxes the Vim process and filters certain system calls, but I don't know any such thing.)
Any Vimscript obstruction can be circumvented: Your remappings can be undone via :cunmap, any more elaborate protection in Vimscript can be stopped by pressing <C-c> at the right time.

You can launch Vim with a flag:
$ vim -R (readonly)
$ vim -Z (restricted)
$ vim -m (no writing)
$ vim -M (no text modification)
But none of those will block :e or :r or any of the myriad of similar commands. And… the ~/.vimrc could probably be edited with nano or whatever to remove any eventual command anyway.
What about completely sandboxing Vim or its user?
What about explaining why you would want that?

If you want to allow editing of a specific file with root permissions, without allowing commands or editing of other files (as you've now indicated in a separate comment), why don't you do this as outlined in man 8 sudoedit:
Temporary copies are made of the files to be edited
with the owner set to the invoking user.
The editor specified by the policy is run to edit the
temporary files. The sudoers policy uses the
SUDO_EDITOR, VISUAL and EDITOR environment variables
(in that order). If none of SUDO_EDITOR, VISUAL or
EDITOR are set, the first program listed in the editor
sudoers(5) option is used.
If they have been modified, the temporary files are
copied back to their original location and the
temporary versions are removed.
It is much safer to launch the editor in the user's context, not root context. (Plus, the user get's his Vim settings, not the unmaintained ones from the root account!) Just the sync back of the edited temp file must be done with root priviledges; with the help of sudo, all of this can be implemented in a few lines of shell script.

Related

Fish Shell: "error: Unable to open universal variable file '/': Permission denied" [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I am using the Fish shell (version 3.3.1) on MacOS. Every time I run a command it shows this error multiple times:
error: Unable to open universal variable file '/': Permission denied
The commands still run perfectly, but it's very annoying to see these errors. They are still on the screen even after a clear command.
Fish has a feature where it'll store so called "universal" variables to a file on disk, so they can easily be persisted and shared among open fishes.
This error:
error: Unable to open universal variable file '/': Permission denied
Shows that fish is trying to open the file at "/", the root of the filesystem. This points to a misconfiguration, because "/" isn't a file, by definition. It's a directory.
The file is supposed to be in the config directory, which is at:
$XDG_CONFIG_HOME/fish, if that variable is set
$HOME/.config/fish, if it isn't
I can't find the specific sequence to reproduce this, but it appears that $XDG_CONFIG_HOME or $HOME are set when fish is started (by its parent process, probably the terminal), and to non-functional values.
Was having this same issue after installing using brew install fish.
What finally worked was uninstalling fish.
brew uninstall fish
Then removing fish from my .config folder.
cd ~
rm -rf .config/fish
Then I just installed fish using the fish GUI installer.

Have two emacs. Want to use spacemacs with one and leave the other intact

I have emacs24 and emacs25 on my machine. I want to use spacemacs with emacs24 and keep emacs25...well...as emacs. When I install spacemacs my ~/.emacs and ~/.emacs.d are changed. Both emacs start using spacemacs, which I do not want. Is there a way to have a spacemacs and an emacs at the same time. Tried looking for a solution and came across a solution to keep separate config files. But how to make emacs look for a specific config file. By the way if you still haven't guessed...I'm a noob.
At one level, this is quite easy to do. However, at another, there can be some
complications, depending on what you really want to do.
Emacs supports a command line switch -l to tell emacs where to find the config
file. So, from a very simple perspective, you could just create two wrapper
scripts my-spacemacs.sh and my-plainemacs.sh and inside them have the scripts
call emacs with a specific -l /path/to/config. You can pass $* to pick up other
command line arguments if you want.
The potential problem with this approach is that emacs will still use .emacs.d
to store all sorts of other information, including possibly elpa packages and
this could cause problems. To be safer, it is better to keep things completely
separate.
If you don't need to run both versions at the same time, the easy solution is to
have to separate directories, such as ~/.spacemacs-emacs.d and ~/plain-emacs.d
and then have a sym link called .emacs.d which points to whichever of the
versions you want to run. The two main problems with this approach is that you
need to reset the symbolic link whenever you want to change emacs flavors and
this won't work if you want to run both versions at the same time.
I guess we really need to know about your actual use case - why do you need two
different configurations? Knowing this could help identify a better approach.
As an example, I use org mode and babel to manage my emacs config. I have a
number of different versions and a simple script which I can run to generate
whichever init.el file I want from the different org files. I have a minimal.org
file, which has the most minimal emacs configuration I can bare and I have my
standard init.org which generates my working init.el and then I have an
experimental.org which is used to generate an init.el file which I use for
experimenting with new configurations or packages. It is trivial to switch
configurations, but I never need to run two different configurations at the same
time.
I often like to check out some of the other pre-cooked emacs setups, like
spacemacs, prelude, etc. for these, I just grab the current git version and use
a symbolic link to point .emacs.d at the root fo the git repo I want to
experiment with.
you can also use the following approach:
create a directory ~/spacemacs.
extract/copy the spacemacs .emacs.d into ~/spacemacs (so that it is ~/spacemacs/.emacs.d).
create a desktop link called Spacemacs (or menu entry) and enter the following command:
HOME=$HOME/spacemacs emacs
You can also start spacemacs from the shell with this command.
This way, you can run vanilla emacs and spacemacs simultaneously, each with its own configuration directory and elpa repository. The only disadvantage might be that you need to change a directory level upward to reach your real home directory, not the „fake” one set via the variable.
btw, this is how I run several emacs versions and configurations, as needed for diverse stuff.
The best solution seems to be using chemacs: https://github.com/plexus/chemacs

path of perl scripts [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I am following the book 'Google Hacks'. It has many ready-made perl scripts, but it does not clearly say exactly where I need to save those perl scripts. I think I have to invoke these scripts from command line, but cannot figure out the location where these scripts should be stored. I am using Strawberry perl.
Also, it would be helpful I can run perl scripts from local environment setting with Internet connection, for example, to scrap Google search results. Thank you
note: I am using Apache webserver and windows 7 operating system
Are they on your server, or are they on your local machine? I'm assuming they're on your local system:
On Unix/Mac/Linux, the setup is fairly straight forward:
Make sure that the shebang points to your Perl executable. I make it #! /usr/bin/env perl which will find the perl command in my path.
Put the scripts in a directory in your $PATH variable.
On Windows, the setup is a bit more involved:
You need to setup your %PATH% environment variable to point to include your Perl scripts. You can do this by going into the System Control Panel (the easiest way is to right click on Computer on your desktop, and select Properties. Then go into Advanced Settings, and click on the Environment Varables... button on the bottom. Path is one of the System Variables.
You need to associate your *.pl suffix with your Perl executable. The problem is that Microsoft keeps changing this. However, the following works for Windows 7 and earlier:
Find a Perl script and view it in Windows Explorer. Right click on it, and open Properties. In Properties, there's an Opens with selection. Click on the Change button and select your Perl interpreter as your interpreter. Make sure the Always use the selected program to open this kind of file checkbox is checked.
Finally, you may want to set %PATHEXT% to include .pl as one of the executables. This way, you can type your Perl program without having to type the suffix all of the time. On Unix/Linux/Mac, you don't need suffixes because the shebang will point to the correct interpreter, but Windows must have a suffix associated with the executable. Now, instead of typing foo.pl on the command line, you can just type foo.
Once this is done, you can simply type in the name of your executable Perl script from any directory in the Command Prompt terminal and run your program.
The 1st thing you need to do, is to make sure that the .pl (or as some use, .plx) extension is associated in the windows registry as a perl program and that perl programs should be run by your perl.exe. At this point you should be able to run perl programs that don't require command line parameters just by double clicking them in Windows Explorer. I know that the installer for ActiveState Perl does this for you by default. I can't vouch for Strawberry.
To run them on the command line, you can just name their complete path ( C:\Mypath\Myprog.pl) or put them in a directory named in your PATH environment variable.
If you're trying to run them via Apache, you'll need to configure Apache with a CGI-BIN directory and put your CGI compatible perl programs in that directory. Again, Apache on Windows depends on the file extension associations in the registry, so make sure you've done that 1st step.

a question about clearcase: how to open a file checked out in emacs?

I have a question about clearcase. in linux, I open a terminal, and use "xclearcase" command to lunch file browser of clearcase. Then I check out a file and I want to open it in Emacs, I know I should cd to the folder contains the checked out file, but before I do this, the terminal still effected by the "xclearcase" command, how could I type some commands now?
When you launch xclearcase, do so by adding a & to the end of it. This will make the shell send it to the background so you can do more stuff in your shell. E.g.
xclearcase &
That will allow you to further interact with your shell while xclearcase is running.
Also, if you're working in the terminal, I would recommend getting comfortable with cleartool for basic operations. For example, to checkout and edit a file:
cleartool co src/path/to/file.c
emacs src/path/to/file.c
Then, to checkin the file:
cleartool ci src/path/to/file.c
As Nemo mentions in the comments, the vc-clearcase Emacs mode allows you to checkout a file right from an Emacs session (C-x v v).
It will handle hijacked file, asking whether to keep the changes in said hijacked file through the question "Claim lock retaining changes?"
It will ask for a comment
It allows for checkouting a directory
It handle file with a -nocheckout rule on their config spec

Compilation in Emacs [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I configure and install emacs but i don't know how to compile a c program.
please give me full info.
Take a look at the following docs containing information on running your compiler from emacs:
http://www.gnu.org/software/emacs/manual/html_node/emacs/Compilation.html
http://www.slac.stanford.edu/comp/unix/gnu-info/emacs_26.html
As already answered the compile command triggers a build which automatically routes errors to a buffer.
M-x compile
The default behavior is to run make in the directory that the file you are editing is in.
make -k
The -k means keep going on errors and make as many targets as you can. You can edit the command line at this stage.
There are two issues you might have with this setup. Firstly if your source file is not in the directory the makefile is in, then you need to set the default directory file variable. You can do this by adding a line like this at the top of the source file.
// -*- mode: C++; default-directory: "c:/somewhere/yourmakefiledirectory/" -*-
Another issue is if you don't want a makefile. This happens if you have a simple program containing one, or only a few, cpp files, and you just want to quickly compile them.
You can do this by setting the compile-command file variable. Now when you run the compile command, this will show up as the default way to build you program, rather than make.
// -*- compile-command: "g++ -lpsapi -mwindows windowsprogram.cpp -g -o windowsprogram.exe"; -*-
Once you've compiled and possibly got some errors you can run the commands next-error and previous-error to move up and down the source file viewing them. I didn't like the default keys, and I tend to use this setup.
(global-set-key [f5] 'compile)
(global-set-key [f7] 'previous-error)
(global-set-key [f8] 'next-error)
More tips like this on my blog.
M-x compile will by default run make. You will need to have the appropriate compiler installed, and a makefile setup to do this, though. Once this is done you can use C-x ` to go to the next error.
There are a couple of ways actually. The simplest is to create a make file and place it in the same directory as your source. Then use M-x(Alt-x) to compile it. The other way is to launch a shell from within emacs using M-x eshell. The third way is to go and write a script using elisp if you are familiar with it.