Forming sanitary shell commands or system calls in Ruby

长发绾君心 2020-12-08 11:20

I'm building a daemon that will help me manage my server(s). Webmin works fine, as does just opening a shell to the server, but I'd prefer to be able to control server ope

5 answers
  •  猫巷女王i
    2020-12-08 12:00

    It doesn't look like you need a shell for what you're doing. See the documentation for system here: http://ruby-doc.org/core/classes/Kernel.html#M001441

    You should use the second form of system. Your example above would become:

    system 'usermod', '-p', @options['shadow'], @options['username']
    

    A nicer (IMO) way to write this is:

    system *%W(usermod -p #{@options['shadow']} #{@options['username']})
    

    The arguments this way are passed directly into the execve call, so you don't have to worry about sneaky shell tricks.
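
The difference between the two forms of `system`, shown with a constructed hostile value (an added example, not part of the original answer). It uses `Open3.capture2`, which accepts the same single-string and argument-list forms as `system`, so the output can be compared; `echo` stands in for `usermod`, and `operand_ok?` is a hypothetical extra check for values that begin with `-`, which an argument list alone does not stop the called program from reading as options.

```ruby
require 'open3'

# Constructed sample input: a "username" carrying shell metacharacters.
HOSTILE = 'alice; echo INJECTED'

# Single-string form: the line contains shell metacharacters, so Ruby runs it
# through /bin/sh -c and the shell parses the interpolated value.
def run_via_shell(value)
  out, _status = Open3.capture2("echo user=#{value}")
  out
end

# Argument-list form: every element becomes exactly one argv entry for the
# program. No shell is involved, so ';' is just a character in the argument.
def run_via_argv(value)
  out, _status = Open3.capture2('echo', "user=#{value}")
  out
end

# %W splits the literal on whitespace first and interpolates afterwards, so a
# value containing spaces still ends up as a single array element.
def argv_from_percent_w(value)
  %W(echo user=#{value})
end

# Hypothetical helper (an assumption, not from the answer): reject operands
# that are empty or start with '-', since the called program could treat them
# as options even though no shell ever sees them.
def operand_ok?(value)
  !value.empty? && !value.start_with?('-')
end

if __FILE__ == $PROGRAM_NAME
  puts "shell form: #{run_via_shell(HOSTILE).inspect}"
  puts "argv form:  #{run_via_argv(HOSTILE).inspect}"
  puts "%W array:   #{argv_from_percent_w(HOSTILE).inspect}"
  puts "operand '-G' accepted? #{operand_ok?('-G')}"
end
```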
