#!/bin/sh
kill -STOP $$                                   # suspend myself 
                                                 # ... until I receive SIGCONT
exec $@                                          # exec argument list

然后称之为：

sudo -u $SOME_USER start-stopped.sh mycommand &  # start mycommand in stopped state
MYCOMMAND_PID=$!
setup_iptables $MYCOMMAND_PID                    # use its PID to setup iptables
sudo -u $SOME_USER kill -CONT $MYCOMMAND_PID     # make mycommand continue
wait $MYCOMMAND_PID                              # wait for its termination
MYCOMMAND_EXIT_STATUS=$?                         
teardown_iptables                                # remove iptables rules
report $MYCOMMAND_EXIT_STATUS                    # report errors,if necessary

然而,这一切都是矫枉过正的.您不需要在挂起状态下生成进程以完成工作.只需创建一个包装器脚本setup_iptables_and_start：

#!/bin/sh
setup_iptables $$            # use my own PID to setup iptables
exec sudo -u $SOME_USER $@    # exec'ed command will have same PID

然后称之为

setup_iptables_and_start mycommand || report errors
teardown_iptables