#!/bin/bash

ENABLED=yes
[[ ${ENABLED} == "yes" ]] || exit 0
DEBUGMODE=no

unset ROOTFS; [[ -d /usr/lib/ublinux ]] || ROOTFS=.
SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
debug_mode "$0" "$@"

SYSCONF="${ROOTFS}${SYSCONF}"
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/security; [ -f ${SOURCE} ] && . ${SOURCE} 2>/dev/null

exec_access_denied_exec(){
## Ограничить запуск интерпретаторов языков программирования в интерактивном режиме
    if [[ -n ${ACCESS_DENIED_EXEC[@]} ]]; then
	for PATH_WORK_EXEC in "${!ACCESS_DENIED_EXEC[@]}"; do
	    [[ ${ACCESS_DENIED_EXEC[${PATH_WORK_EXEC}],,} == "interpreter" ]] && ACCESS_DENIED_EXEC[${PATH_WORK_EXEC}]="gbr3,python,python2,python3,perl,perl6,php,ruby,node,awk,gawk"
	    DENIED_EXEC=$(tr [[:space:]],\; $'\n' <<< ${ACCESS_DENIED_EXEC[${PATH_WORK_EXEC}]})
	    [[ ${PATH_WORK_EXEC} == 0 ]] && PATH_WORK_EXEC="${ROOTFS}/usr/bin ${ROOTFS}/usr/local/bin ${ROOTFS}/usr/local/sbin ${ROOTFS}/home"
	    LIST_EXEC=$(printf " -name %s -o" ${DENIED_EXEC})
	    PATH_WORK_EXEC=$(tr ,\; ' ' <<< ${PATH_WORK_EXEC})
	    eval "find -L ${PATH_WORK_EXEC} -type f -perm /o=x \( ${LIST_EXEC%-o*} \) -exec chmod --quiet o-x {} +"
	done
    fi
}

################
##### MAIN #####
################

    exec_access_denied_exec $@