Limiting a user to a script upon login, nothing else.
Post 302395547 by JohnGH on Tuesday 16th of February 2010 11:07:27 AM

Quote:
Originally Posted by ppucci
I have already on my script the exit commands to logout, but should the user break the script I still want him to be logged out or to return to the script, meaning I do not want him getting to the shell prompt by no means.
If you're worried about security then you'll need to be careful about what commands you use in your menu option.

If you're doing commands like:


echo "2 - Display something"
...
echo "5 - List some stuff"
echo "6 - Display system information"


You may be thinking to pipe multi-page output to less or more so the user can page through it.

A place I once worked had menu scripts that ran as root and paged files with less, which I found rather convenient when I needed a root shell on that box in an emergency... all I needed to do was go into the menu and choose the file viewer and type !<Enter> and I had a root shell!

If you read the less man page you will find:


When the environment variable LESSSECURE is set to 1, less runs in a "secure" mode. This means these features are disabled:
! the shell command
| the pipe command
:e the examine command.
v the editing command
s -o log files
-k use of lesskey files
-t use of tags files
metacharacters in filenames, such as *
filename completion (TAB, ^L)


That'll be something you'll want to export as a variable in the top of your script if you're going to use less.

When you try to lock something down your own way, using tools that weren't designed specifically for embedding in secure menus, you need to be smart enough to be able to second-guess everyone who will get access to the system, and shut off any loop-holes they could abuse before they find them.
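
The advice in the post above, as an added example that is not part of JohnGH's post or the original thread: a menu skeleton that exports LESSSECURE=1 before any pager runs, ignores the break keys, and only pages files from one directory. The names VIEW_DIR, PAGER_BIN, view_file, menu_loop and the --menu argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: restricted menu skeleton (constructed, not from the thread).
# Assumptions: VIEW_DIR and the --menu argument are hypothetical names.

LESSSECURE=1                 # less "secure" mode: no !, |, :e, v, s/-o, -k, -t
export LESSSECURE
readonly LESSSECURE          # later code in this script cannot switch it off

VIEW_DIR=/usr/local/share/menu-docs   # only files in here may be paged
PAGER_BIN=less

# Ignore the keys a user would press to break out of the menu.
trap '' INT QUIT TSTP

# view_file NAME: page one file from VIEW_DIR; refuse anything else.
view_file() {
    case "$1" in
        ''|-*|*/*|.*) echo "refused: $1" >&2; return 2 ;;
    esac
    [ -f "$VIEW_DIR/$1" ] || { echo "no such document: $1" >&2; return 1; }
    "$PAGER_BIN" "$VIEW_DIR/$1"
}

menu_loop() {
    while :; do
        echo "1 - View a document"
        echo "2 - Display system information"
        echo "q - Log out"
        printf 'Choice: '
        read -r choice || return 0      # EOF (Ctrl-D): leave the menu
        case "$choice" in
            1) printf 'Document name: '
               read -r name || return 0
               view_file "$name" || : ;;
            2) uname -a ;;
            q) return 0 ;;
            *) echo "Unknown option" ;;
        esac
    done
}

# Started from the login entry as: exec /path/to/this-script --menu
# 'exec' replaces the shell, so when the script ends the session ends.
case "${1:-}" in
    --menu) menu_loop; exit 0 ;;
esac
```

Every other program the menu launches needs the same scrutiny as less; the name filter in view_file only controls which file is opened, not what the viewer lets the user do afterwards.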
 
