Solved

Login Running a Captive Shell Script

Posted on 2004-04-06
7
1,699 Views
Last Modified: 2013-12-27
I have written a shell script (ksh) that allows a user to use a menu selection to nfs mount remote partitions.  I want this shell script to automatically launch when the user logs into a dedicated login, run without the user being able to exit it <ctl c>, and log out when the user selects <exit> from the menu selections.  The login account will have sudoer permission to mount/unmount only.

Should the shell be launched from the .profile?
What needs to be in the shell to prevent a <ctl c>, etc, exit?
Special permissions on the script or the .profile?
Any "how-tos" in case I'm forgetting (to ask) something?

Tips/Comments/Suggestions appreciated!
Thanks.
0
Comment
Question by:dskhunter
7 Comments
 
LVL 12

Assisted Solution

by:stefan73
stefan73 earned 150 total points
ID: 10765607
Hi dskhunter,
You can trap signals and error conditions in ksh:

trap exit INT TERM HUP TSTP ERR

this will invoke exit for both CTRL-c and CTRL-z, errors, kill, etc.

See "man -s 3HEAD signal" for a list of all signals.



Cheers,
Stefan
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 150 total points
ID: 10765638
The simple, but not foolproof way: At the end of the .profile add the lines:

trap 'echo "Ctrl-C disabled" ' 1 2 3 15
/path/to/menu_script
exit


However, it may be possible for them to ^C out while the .profile is executing, before the trap, so either make the "trap" statement 1st thing in the .profile or alternatively:

Amend their login shell in /etc/passed to be "/path/to/menu_script";  You may need to add this to /etc/shells;  Put the trap and  exit statements in the menu script
0
 
LVL 12

Expert Comment

by:stefan73
ID: 10765743
dskhunter,
Just make sure that the login shell exits as soon as your shell script is finished. You could use .profile for the shell script. Also check that the trap command is the first you call.


Stefan
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 6

Expert Comment

by:durindil
ID: 10769460
The best way to do this is set up an RBAC role, and a profile shell.  Trap the CTL-C inputs, and even if they can break out, they are still in the profile shell, and only have the permissions you assign to them.
0
 
LVL 4

Assisted Solution

by:Otetelisanu
Otetelisanu earned 50 total points
ID: 10772023
With the trap is OK but
you can start your programm
with
exec <program>

look man exec

0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 10772027
Sory
the exec <program> must be
in the .profile

0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 150 total points
ID: 10776448
write your shell like follows:

#!/bin/ksh
trap myexit 1 2 3 4 5 6 7 8 10 11 12 13 14 15
function myexit
{
  exit 1
}
# your stuff here
exit 0

then simply use this script in /etc/passwd as login shell
I'd never use .profile or alike for this
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question