Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Capture child processes and change return values question
Top Forums UNIX for Advanced & Expert Users Capture child processes and change return values question Post 302340917 by tuxhats on Tuesday 4th of August 2009 04:40:40 PM
Old 08-04-2009
Question Capture child processes and change return values question
Thanks in advance.
My environment is Ubuntu 9.04 desktop customized to be a high school classroom server for teaching code development. I have a unique "fake" jail called "lshell" which is very easy to setup and restricts users to commands that I dictate DISALLOWING ANYTHING ELSE. These questions below represent the last piece we would love to have for this open project.

I have a very specific need. I need to accomplish the following (without discussion about jail environments please).

I'd like users in a shell to enter "gedit" or other software/IDE, and do work. When the user makes a "File and Open" step they can only see or examine their directory and nowhere else.
Questions: Can I use one of the traces(l,p,s) or is their another way to restrict "what they can see"? Can these commands, along with some scripting, be used to return their top directory as $theirusername only and not be able to navigate elsewhere? Perhaps change some returning value say of
/home/jail/home/user to /user .

I can post the lshell.py script that I am using as the limited shell, if needed.

Thanks
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

what are parent and child processes all about?

I don't follow what these are... this is what my text says... "When a process is started, a duplicate of that process is created. This new process is called the child and the process that created it is called the parent. The child process then replaces the copy for the code the parent... (1 Reply)
Discussion started by: xyyz
1 Replies

2. Programming

Controlling child processes

Hello all, I am trying to create n child processes and control them from a parent process; say make child 3 print its pid and then child 5 do the same and some other stuff. Is there a way to accomplishing this after all the child processes are created via a call to fork(). Thank you, FG (23 Replies)
Discussion started by: forumGuy
23 Replies

3. Shell Programming and Scripting

Parent/Child Processes

Hello. I have a global function name func1() that I am sourcing in from script A. I call the function from script B. Is there a way to find out which script called func1() dynamically so that the func1() can report it in the event there are errors? Thanks (2 Replies)
Discussion started by: yoi2hot4ya
2 Replies

4. Programming

fork() and child processes

Hello, How many child processes are actually created when running this code ? #include <signal.h> #include <stdio.h> int main () { int i ; setpgrp () ; for (i = 0; i < 10; i++) { if (fork () == 0) { if ( i & 1 ) setpgrp () ; printf ("Child id: %2d, group: %2d\n", getpid(),... (0 Replies)
Discussion started by: green_dot
0 Replies

5. Shell Programming and Scripting

fork() and child processes

Hello, How many child processes are actually created when running this code ? #include <signal.h> #include <stdio.h> int main () { int i ; setpgrp () ; for (i = 0; i < 10; i++) { if (fork () == 0) { if ( i & 1 ) setpgrp () ; printf ("Child id: %2d, group: %2d\n",... (1 Reply)
Discussion started by: green_dot
1 Replies

6. UNIX for Advanced & Expert Users

killing all child processes

Hi, Is there a way I can kill all the child processes of a process, given its process id. Many thanks in advance. J. (1 Reply)
Discussion started by: superuser84
1 Replies

7. Shell Programming and Scripting

how to capture PID for a child script

Hi, I'm looking for a method where we can capture the PID and if possible the progress of child process especially the ones running in background. can anyone help? (6 Replies)
Discussion started by: aman jain
6 Replies

8. Programming

How to capture messages from child process?

Hi all, I'm new in programming, but want to start writing a simple GUI for linux console application,say, wget.(for educational purpose :) ). The question is: how to start child process from C++ code and then start capture messages from its stdout? Thanks in advance. (2 Replies)
Discussion started by: vahagn_iv
2 Replies

9. Shell Programming and Scripting

How to capture C program return values in Kshell

I have a K shell script (ksh) that needs to return an email address. A C program was written (prog1) to now access the email address off of an oracle table. The call to the program in the ksh is prog1 -p parm1 Based on Parm1 the program will read an oracle table and retrieve the email... (2 Replies)
Discussion started by: jclanc8
2 Replies

10. Shell Programming and Scripting

Get all child processes of a process

is there a universal way of getting the children of a particular process? i'm looking for a solution that works across different OSes...linux, aix, sunos, hpux. i did a search online and i kept finding answers that were specific to Linux..i.e. pstree. i want to be able to specify a process... (2 Replies)
Discussion started by: SkySmart
2 Replies

LEARN ABOUT DEBIAN

lshell

lshell(1)						      General Commands Manual							 lshell(1)

NAME

       lshell - Limited Shell

SYNOPSIS

       lshell [OPTIONS]

DESCRIPTION

       lshell  provides  a  limited  shell  configured per user.  The configuration is done quite simply using a configuration file.  Coupled with
       ssh's authorized_keys or with /etc/shells and /etc/passwd , it becomes very easy to restrict user's access to a limited set of command.

OPTIONS

       --config <FILE>
	      Specify config file

       --log <DIR>
	      Specify the log directory

       -h, --help
	      Show help message

       --version
	      Show version

CONFIGURATION

       You can configure lshell through its configuration file:

	      On Linux -> /etc/lshell.conf
	      On *BSD  -> /usr/{pkg,local}/etc/lshell.conf

       lshell configuration has 4 types of sections:

	      [global]	 -> lshell system configuration (only 1)
	      [default]  -> lshell default user configuration (only 1)
	      [foo]	 -> UNIX username "foo" specific configuration
	      [grp:bar]  -> UNIX groupname "bar" specific configuration

       Order of priority when loading preferences is the following:

	      1- User configuration
	      2- Group configuration
	      3- Default configuration

   [global]
       logpath
	      config path (default is /var/log/lshell/)

       loglevel
	      0, 1, 2, 3 or 4  (0: no logs -> 4: logs everything)

       logfilename
	      - set to syslog in order to log to syslog
	      - set log file name, e.g. %u-%y%m%d (i.e foo-20091009.log):     %u -> username
		  %d -> day   [1..31]
		  %m -> month [1..12]
		  %y -> year  [00..99]
		  %h -> time  [00:00..23:59]

       syslogname
	      in case you are using syslog, set your logname (default: lshell)

   [default] and/or [username] and/or [grp:groupname]
       aliases
	      command aliases list (similar to bash's alias directive)

       allowed
	      a list of the allowed commands or set to 'all' to allow all commands in user's PATH

       allowed_cmd_path
	      a list of path; all executable files inside these path will be allowed

       env_path
	      update the environment variable $PATH of the user (optional)

       env_vars
	      set environment variables (optional)

       forbidden
	      a list of forbidden characters or commands

       history_file
	      set the history filename. A wildcard can be used:
		  %u -> username (e.g. '/home/%u/.lhistory')

       history_size
	      set the maximum size (in lines) of the history file

       home_path (deprecated)
	      set the home folder of your user. If not specified, the home directory is set to the $HOME environment variable. This variable  will
	      be removed in the next version of lshell, please use your system's tools to set a user's home directory. A wildcard can be used:
		  %u -> username (e.g. '/home/%u')

       intro  set the introduction to print at login

       passwd password of specific user (default is empty)

       path   list of path to restrict the user geographically. It is possible to use wildcards (e.g. '/var/log/ap*').

       prompt set the user's prompt format (default: username)
		  %u -> username
		  %h -> hostname

       prompt_short
	      set  sort  prompt  current  directory update - set to 1 or 0 overssh list of command allowed to execute over ssh (e.g. rsync, rdiff-
	      backup, scp, etc.)

       scp    allow or forbid the use of scp connection - set to 1 or 0

       scpforce
	      force files sent through scp to a specific directory

       scp_download
	      set to 0 to forbid scp downloads (default is 1)

       scp_upload
	      set to 0 to forbid scp uploads (default is 1)

       sftp   allow or forbid the use of sftp connection - set to 1 or 0

       sudo_commands
	      a list of the allowed commands that can be used with sudo(8)

       timer  a value in seconds for the session timer

       strict logging strictness. If set to 1, any unknown command is considered as forbidden, and user's warning counter is decreased. If set	to
	      0, command is considered as unknown, and user is only warned (i.e. *** unknown synthax)

       warning_counter
	      number of warnings when user enters a forbidden value before getting exited from lshell. Set to -1  to disable the counter, and just
	      warn the user.

SHELL BUILTIN COMMANDS

       Here is the set of commands that are always available with lshell:

       clear  clears the terminal

       help, ?
	      print the list of allowed commands

       history
	      print the commands history

       lpath  lists all allowed and forbidden path

       lsudo  lists all sudo allowed commands

EXAMPLES

       $ lshell
	      Tries to run lshell using default ${PREFIX}/etc/lshell.conf as configuration file. If it fails a warning is printed  and	lshell	is
	      interrupted.  lshell options are loaded from the configuration file

       $ lshell --config /path/to/myconf.file --log /path/to/mylog.log
	      This will override the default options specified for configuration and/or log file

USE CASE

       The  primary  goal  of  lshell, was to be able to create shell accounts with ssh access and restrict their environment to a couple a needed
       commands.  In this example, User 'foo' and user 'bar' both belong to the 'users' UNIX group:

       User foo:
	       - must be able to access /usr and /var but not /usr/local
	       - user all command in his PATH but 'su'
	       - has a warning counter set to 5
	       - has his home path set to '/home/users'

       User bar:
	       - must be able to access /etc and /usr but not /usr/local
	       - is allowed default commands plus 'ping' minus 'ls'
	       - strictness is set to 1 (meaning he is not allowed to type an unknown command)

       In this case, my configuration file will look something like this:

	      # CONFIURATION START
	      [global]
	      logpath	      : /var/log/lshell/
	      loglevel	      : 2

	      [default]
	      allowed	      : ['ls','pwd']
	      forbidden       : [';', '&', '|']
	      warning_counter : 2
	      timer	      : 0
	      path	      : ['/etc', '/usr']
	      env_path	      : ':/sbin:/usr/bin/'
	      scp	      : 1 # or 0
	      sftp	      : 1 # or 0
	      overssh	      : ['rsync','ls']
	      aliases	      : {'ls':'ls --color=auto','ll':'ls -l'}

	      [grp:users]
	      warning_counter : 5
	      overssh	      : - ['ls']

	      [foo]
	      allowed	      : 'all' - ['su']
	      path	      : ['/var', '/usr'] - ['/usr/local']
	      home_path       : '/home/users'

	      [bar]
	      allowed	      : + ['ping'] - ['ls']
	      path	      : - ['/usr/local']
	      strict	      : 1
	      scpforce	      : '/home/bar/uploads/'
	      # CONFIURATION END

NOTES

       In order to log a user's warnings into the logging directory (default /var/log/lshell/) , you must firt create the folder  (if  it  doesn't
       exist yet) and chown it to lshell group:

	      # addgroup --system lshell
	      # mkdir /var/log/lshell
	      # chown :lshell /var/log/lshell
	      # chmod 770 /var/log/lshell

       then add the user to the lshell group:

	      # usermod -aG lshell user_name

       In order to set lshell as default shell for a user:

	      On Linux:
	      # chsh -s /usr/bin/lshell user_name

	      On *BSD:
	      # chsh -s /usr/{pkg,local}/bin/lshell user_name

AUTHOR

       Currently maintained by Ignace Mouzannar (ghantoos)

EMAIL

       Feel free to send me your recommendations at <ghantoos@ghantoos.org>

v0.9.15 							  March 13, 2012							 lshell(1)
All times are GMT -4. The time now is 11:15 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy