I like your idea of a program. As is, I use "screen", which has an "idle timeout". But I do like the idea of forcing this on users of idle TTYs. Vlock doesn't really work on non-vc's (Linux consoles), but I bet you can take the source and adapt it to your program. It might be, in the end, a function to add to the user's shell. You could hack the MAILCHECK command feature, which looks at a file to see if it should print "You have new mail". (Does anyone use standard UNIX mailboxes these days?) Or you could modify the behavior of TMOUT:
Quote:
TMOUT If set to a value greater than zero, TMOUT is treated as the default timeout for the read builtin. The select command terminates if input does not arrive after TMOUT seconds when input is coming from a terminal. In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.
A final hack would be using PROMPT_COMMAND to run a program after each time the prompt is printed. This command could be a program that locks if it's been X minutes since the last time the message was printed. Seems to me this would be a bit "heavy" on the system.
Nice program! A couple of bugs:
Probably a bad idea to do inside a signal handler. Also, why, other than to annoy the user. If it's to hide what the user was doing, I doubt this will prevent the terminal's scroll-back from working.
You really need greater-than-or-equal to here. You cannot guarantee that the signal handler will be invoked every second. Oh, and that reminds me:
You just need sleep() here. In the C library and system calls, sleep does not take an argument, as it does with perl and the shell.
And last, but definitely not least: an attacker could crash the program by entering more than 20 characters into the password prompt. Using scanf() and strcmp() here are really bad ideas. You should use fgets() and strncmp() to ensure that at most N characters are read into the stream.
There are other improvements to be made, such as turning off echo on the input stream so that typed characters are not displayed, and such as using PAM or the getent() calls to verify the user's own password (otherwise EVERY user could figure this out). If you do install it as-is, turn off the read bit on the executable. Otherwise, one could get the password with:
FYI, when we run that daemon, if the user is prompted to enter the password, any input that the user types doesn't show on screen (don't know why)
It might be because it hasn't actually grabbed the console from the parent process, which is still trying to read characters itself. You might find that entering the password doesn't work. I've seen that when a background process got forked off and tried to read input. You ended up seeing every second character on the command line.
Quote:
And, is that "getent()" used to call "real" user password??
It gets the encrypted version of whatever is accessible through /etc/nsswitch.conf, so normally, yes. To compare, you have to encrypt the inputted password in the same fashion and then compare with what getent() returned. With Linux, you should go through PAM, but I realize that's a lot of work for something like this. However, it would be more secure.
You just need sleep() here. In the C library and system calls, sleep does not take an argument, as it does with perl and the shell.
Just a tiny correction: sleep does take an argument, which is the number of seconds to sleep.
On my SysV box
/usr/include/unistd.h:extern unsigned sleep(unsigned);
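The hardening suggested in the review post above (a bounded fgets() in place of scanf(), and echo turned off on the input stream), as an added example that is not code from the thread or from the program being reviewed. The name read_secret and the 21-byte buffer (20 characters plus the terminator) are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* for fileno() */
#endif
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): read one line of at most
 * cap-1 characters from `in`, with echo disabled when `in` is a terminal.
 * Returns the length, or -1 on EOF/error or when the line was too long.
 * An overlong line is drained so its tail is not read as the next attempt. */
long read_secret(FILE *in, char *buf, size_t cap)
{
    struct termios saved, quiet;
    int fd = fileno(in);
    int is_tty = (fd >= 0 && isatty(fd) && tcgetattr(fd, &saved) == 0);
    long result = -1;

    if (cap < 2) return -1;
    if (is_tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;    /* typed characters stay hidden */
        tcsetattr(fd, TCSAFLUSH, &quiet);
    }
    if (fgets(buf, (int)cap, in) != NULL) {  /* never writes past buf[cap-1] */
        size_t len = strcspn(buf, "\n");
        size_t extra = 0;
        if (buf[len] != '\n') {              /* newline not consumed yet */
            int c;
            while ((c = getc(in)) != EOF && c != '\n')
                extra++;                     /* count and discard the excess */
        }
        buf[len] = '\0';
        if (extra == 0) result = (long)len;
        else memset(buf, 0, cap);            /* too long: keep nothing */
    }
    if (is_tty) tcsetattr(fd, TCSAFLUSH, &saved);   /* always restore echo */
    return result;
}

int main(void)
{
    char pw[21];
    fputs("Password: ", stderr);
    long n = read_secret(stdin, pw, sizeof pw);
    fprintf(stderr, "\n%s\n", n < 0 ? "rejected: no input or too long" : "read ok");
    return n < 0;
}
```
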