Solved

Login Running a Captive Shell Script

Posted on 2004-04-06
7
1,668 Views
Last Modified: 2013-12-27
I have written a shell script (ksh) that allows a user to use a menu selection to nfs mount remote partitions.  I want this shell script to automatically launch when the user logs into a dedicated login, run without the user being able to exit it <ctl c>, and log out when the user selects <exit> from the menu selections.  The login account will have sudoer permission to mount/unmount only.

Should the shell be launched from the .profile?
What needs to be in the shell to prevent a <ctl c>, etc, exit?
Special permissions on the script or the .profile?
Any "how-tos" in case I'm forgetting (to ask) something?

Tips/Comments/Suggestions appreciated!
Thanks.
0
Comment
Question by:dskhunter
7 Comments
 
LVL 12

Assisted Solution

by:stefan73
stefan73 earned 150 total points
ID: 10765607
Hi dskhunter,
You can trap signals and error conditions in ksh:

trap exit INT TERM HUP TSTP ERR

this will invoke exit for both CTRL-c and CTRL-z, errors, kill, etc.

See "man -s 3HEAD signal" for a list of all signals.



Cheers,
Stefan
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 150 total points
ID: 10765638
The simple, but not foolproof way: At the end of the .profile add the lines:

trap 'echo "Ctrl-C disabled" ' 1 2 3 15
/path/to/menu_script
exit


However, it may be possible for them to ^C out while the .profile is executing, before the trap, so either make the "trap" statement 1st thing in the .profile or alternatively:

Amend their login shell in /etc/passed to be "/path/to/menu_script";  You may need to add this to /etc/shells;  Put the trap and  exit statements in the menu script
0
 
LVL 12

Expert Comment

by:stefan73
ID: 10765743
dskhunter,
Just make sure that the login shell exits as soon as your shell script is finished. You could use .profile for the shell script. Also check that the trap command is the first you call.


Stefan
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 6

Expert Comment

by:durindil
ID: 10769460
The best way to do this is set up an RBAC role, and a profile shell.  Trap the CTL-C inputs, and even if they can break out, they are still in the profile shell, and only have the permissions you assign to them.
0
 
LVL 4

Assisted Solution

by:Otetelisanu
Otetelisanu earned 50 total points
ID: 10772023
With the trap is OK but
you can start your programm
with
exec <program>

look man exec

0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 10772027
Sory
the exec <program> must be
in the .profile

0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 150 total points
ID: 10776448
write your shell like follows:

#!/bin/ksh
trap myexit 1 2 3 4 5 6 7 8 10 11 12 13 14 15
function myexit
{
  exit 1
}
# your stuff here
exit 0

then simply use this script in /etc/passwd as login shell
I'd never use .profile or alike for this
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now