Solved

Login Running a Captive Shell Script

Posted on 2004-04-06
7
1,683 Views
Last Modified: 2013-12-27
I have written a shell script (ksh) that allows a user to use a menu selection to nfs mount remote partitions.  I want this shell script to automatically launch when the user logs into a dedicated login, run without the user being able to exit it <ctl c>, and log out when the user selects <exit> from the menu selections.  The login account will have sudoer permission to mount/unmount only.

Should the shell be launched from the .profile?
What needs to be in the shell to prevent a <ctl c>, etc, exit?
Special permissions on the script or the .profile?
Any "how-tos" in case I'm forgetting (to ask) something?

Tips/Comments/Suggestions appreciated!
Thanks.
0
Comment
Question by:dskhunter
7 Comments
 
LVL 12

Assisted Solution

by:stefan73
stefan73 earned 150 total points
ID: 10765607
Hi dskhunter,
You can trap signals and error conditions in ksh:

trap exit INT TERM HUP TSTP ERR

this will invoke exit for both CTRL-c and CTRL-z, errors, kill, etc.

See "man -s 3HEAD signal" for a list of all signals.



Cheers,
Stefan
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 150 total points
ID: 10765638
The simple, but not foolproof way: At the end of the .profile add the lines:

trap 'echo "Ctrl-C disabled" ' 1 2 3 15
/path/to/menu_script
exit


However, it may be possible for them to ^C out while the .profile is executing, before the trap, so either make the "trap" statement 1st thing in the .profile or alternatively:

Amend their login shell in /etc/passed to be "/path/to/menu_script";  You may need to add this to /etc/shells;  Put the trap and  exit statements in the menu script
0
 
LVL 12

Expert Comment

by:stefan73
ID: 10765743
dskhunter,
Just make sure that the login shell exits as soon as your shell script is finished. You could use .profile for the shell script. Also check that the trap command is the first you call.


Stefan
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 6

Expert Comment

by:durindil
ID: 10769460
The best way to do this is set up an RBAC role, and a profile shell.  Trap the CTL-C inputs, and even if they can break out, they are still in the profile shell, and only have the permissions you assign to them.
0
 
LVL 4

Assisted Solution

by:Otetelisanu
Otetelisanu earned 50 total points
ID: 10772023
With the trap is OK but
you can start your programm
with
exec <program>

look man exec

0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 10772027
Sory
the exec <program> must be
in the .profile

0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 150 total points
ID: 10776448
write your shell like follows:

#!/bin/ksh
trap myexit 1 2 3 4 5 6 7 8 10 11 12 13 14 15
function myexit
{
  exit 1
}
# your stuff here
exit 0

then simply use this script in /etc/passwd as login shell
I'd never use .profile or alike for this
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now