Is it possible to perform scp (or similar) of a file on initial user login?

Hi

I have an ever increasing number of Citrix templates and I often have to create new ones as and when I update various scripts that are on the templates.

I was wondering if it is possible to copy the scripts to the newly created (from template) VMs when the user initially logs into the VM ( a one time only copy).  This would mean that I would not need to include my scripts on the template and would therefore not need to update them as I update my scripts.

Regards
micktAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony JLead Technical ArchitectCommented:
I think from your description, a group policy preference (GPP) for the files will do just that.

Copy the files to a share, set the GPP to create (you can try update - that _should_ work) and apply the policy to a user group.
0
Daniel HelgenbergerCommented:
What's the deployed OS? Linux?
You can do so by putting the scp script  in your vm:
/etc/profile.d/

Open in new window


Do you need these scripts user writable?

I you need to define a standard ssh-key and register this with .authorized_keys in your ssh server. Just let the script check if the location locally exits. Use -i to define a key file in your script:
scp -i /path/to/key.file

Open in new window


A much better way than this would be to use for instance Git to deploy your scripts. I do so. Setup the a special read only user for the repo or a public repo in git. Then, a cron job does this at reboots:
cd /path/to/location
git -q clone ssh://user@myserver/repo

Open in new window


See @reboot cron jobs:
http://www.cyberciti.biz/faq/linux-execute-cron-job-after-system-reboot/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
micktAuthor Commented:
Thanks guys

I think helge000's suggestion of adding to profile.d may be the simplest.  I have various RHEL and Centos distributions and it looks as if git is not available in all.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

micktAuthor Commented:
Actually, thought better of it as profile.d will result in unnecessary copies.  Doing as a cron task is open to user deletion.

Decided to throw script into /etc/init.d.
0
Daniel HelgenbergerCommented:
You can do the cron task as root, put it in /etc/cron.d/. If you use Cent/RHEL be aware the /etc/init.d will be depreciated in the future with systemd. I assume the the scripts static, so they really only need to be copied one? And your users only need r+x permissions?
0
micktAuthor Commented:
Yep, only r+x required.  The guys here generally don't bother looking in init.d but would be using cron a lot.  I'll also give it .name so it is hidden.  What they don't see they'll not worry about.
0
Daniel HelgenbergerCommented:
Ok, so your users all have sudo rights, I assume? Then there is really little you can do prevent them from anything - not even using ls -a ;)
I have to test it, but I do not think scripts starting with . are run in /etc/cron.d. Test it with:
run-parts -v –test /etc/cron.d

Open in new window

You can also modify /etc/crontab directly or use a special user's crontab.
0
micktAuthor Commented:
They create their own VMs from Citrix templates so have full unrestricted access.  I have admin scripts that they use to configure the VMs and install all our S/W etc.  But as I update the scripts I also have to update the templates.  This way I'll not need to do so.

It's more an issue that they may accidentally remove a script or a cron task; just trying to make it less likely.
0
Daniel HelgenbergerCommented:
I see! Sorry, I'd not get the templates are already for the user. I this case, I think it is best to put it in /etc/crontab with a comment; and not even with a script but a 'oneliner'.
0
micktAuthor Commented:
I think there may also be some instances where cron is wiped by way of cleaning out the box when a new setup is created.

I think I'll stick with init.d for the moment.  I'll include a file size check so that it will only scp if the files differ.
0
Daniel HelgenbergerCommented:
I think there may also be some instances where cron is wiped by way of cleaning out the box when a new setup is created.
No, the mentioned location would not be 'wiped' in any normal case. But of course no system is prone to users which do not know what they do. In case of your VMs, they can always kill it and create a new one?

Suggestion: Better than the file size would be a check sum, it will detect any change:
md5sum myscript.sh

Open in new window

and of course best would be to use rsync via ssh; this can be run at every boot with very little overhead.
0
micktAuthor Commented:
Good idea about the checksum.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.