By definition, where they can create files, they can delete files. Your scheme is flawed.
I may have the root user crontab copy the contents of the files the user logs to a file owned and controlled by root. However, on this thread I'm still seeking help to get the script to work as desired, i.e. enforce an explanation for login or kick the user out of the system.
I tried this, but then it goes into an INFINITE loop. See the output below:
Output showing infinite loop as soon as I enter my credentials for login.
Please suggest.
---------- Post updated at 05:23 PM ---------- Previous update was at 05:20 PM ----------
Well, I don't know. I am simply logging in, so I believe it has got to be the default shell. One thing I can see is that it does execute the .profile file as I first log in.
No. It is not the system default shell. It is the login shell for whatever user's login ID you're using when you login. Since it is executing .profile, we know that it is not csh nor one of its derivatives. And, #! lines in a sourced file are just comments, they have absolutely no effect on the shell that will be used to evaluate the commands in that script. The code in that script will be executed by the login shell of the user who is logging in. You need to be sure that you're only using commands in your script that can be recognized by any shell on your system that will be used as a login shell for the users running that script. (I.e., you'll need one script for users logging in with a shell that uses Bourne shell syntax (and it can't use [[...]] or $(...) or source) and a different script for users logging in with a shell that uses csh syntax.)
Quote:
Originally Posted by mohtashims
I may have the root user crontab copy the contents of the files the user logs to a file owned and controlled by root. However, on this thread I'm still seeking help to get the script to work as desired, i.e. enforce an explanation for login or kick the user out of the system.
And you're going to build enough intelligence into this script so it won't accept any of the following as a reason for logging in:
or even just a line containing a <space> character?
And, anything you put in the user's .profile or .cshrc can be removed by that user as soon as they have suffered through your attempt to micromanage them once.
If your code doesn't log the user's login data directly to a safe repository that the user logging in can't write to, the user can easily remove that data before any cron job you set up has a chance to capture it and copy it to its final resting place.
First of all, let me explain what I did to resolve the ticket based upon the suggestions received.
1. Sourced the tracklogin.sh in the .profile or, for that matter, in all the files containing "profile" or "rc" in their filenames.
2. Used trap to exit on Ctrl+C and Ctrl+D
3. To resolve the recursive infinite error msg: .profile[3]: read: no query process I changed
To
Now coming back to the concerns shared by Corona, Don Cragun and others.
Firstly, I do not know what would be the correct / professional way to achieve what I want to achieve: force every user to log an explanation for login or else kick them out of the server. If you have any document / steps to follow, kindly share.
Now that I'm able to achieve the above my way, I will see if I could trigger a backup of the logs by the root user by continuously monitoring the cksum of the /tmp/root_log folder. In case the cksum changes, root takes a backup. I will also insert a 3-second sleep in the tracklogin.sh script so that the crontab can take a backup before the user gets control. I think this will be done by setting the crontab to run, say, every 3 secs, which will be too short a time for anyone to modify the logs.
Do you appreciate that if I fire up a cron job every day shortly after midnight that invokes the following script with the pathname of that day's log file as an operand:
then the script that you're running every 3 seconds to capture updates will have much less than a 1% chance of capturing anything written to that log file before my script obliterates it? And, if I didn't care about preserving what had already been put in that file, the following script run every second would have a 66% chance of wiping out any updates before your script running every 3 seconds would capture it:
Are we having fun yet?
Your scheme is fundamentally flawed. Any file that the user who is logging in can write to can be truncated by that user before you can reliably capture it!
Anything that you are writing into one of my personal startup files can be removed, commented out, or disabled the first time I login after you install it.
Not enough fun yet: A system with a race condition between several jobs tends to have resources bound to doing these jobs. In other words: at some point in time the system will be so busy executing the logging-job, the anti-logging-job, the anti-anti-logging-job, the anti-anti-anti-logging-job, etc., that little to no system resources will be left to do whatever the system was designed to do in the first place.
Ultimately one won't need all the anti-anti-....scripts any more because nobody would want to log in to such a sluggish system.
Quote:
let me explain what I did to resolve the ticket
There are only two things to do to resolve such a ticket: first write a log comment that this is a <derogatory adjective of your choice> idea and you don't have time to waste on nonsense and then, second, close it. That is the sensible thing to do and in fact "best practice".
Well, I don't know. I am simply logging in, so I believe it has got to be the default shell. One thing I can see is that it does execute the .profile file as I first log in.
Well, wouldn't it be time to become acquainted with the environment you're working in? Here, you are using a bashism in a ksh shell:
Quote:
Output showing infinite loop as soon as I enter my credentials for login.
...
man ksh:
Quote:
The -p option causes the input line to be taken from the input pipe of a process spawned by the shell using |&.
Joining the general chorus questioning the goal you are pursuing: On a production system, any user with a valid account should have reason to log in, shouldn't s/he? Why, then, question it? And, would making him/her wait additional seconds improve the acceptance of the system?
Did you miss the part in post #17 where mohtashims says that this wondrous code is going into all of the files in everyone's login directory where the filename contains profile or rc? So, these bashisms aren't just being run by bash and ksh users, they are also going to be run by original Bourne sh, csh, and tcsh users and will probably cause error messages every time advanced vi/vim users start an editing session, advanced mail users login or open their mailbox, etc. Oh, well...
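Added example (not part of the thread and not any poster's code): a prompt written in POSIX sh syntax that avoids the `read -p` form ksh rejects with "no query process", refuses blank or whitespace-only answers, stops on EOF or after a fixed number of tries instead of looping, and hands the record to syslog rather than to a user-writable file. It assumes a POSIX-compliant login shell (ksh, bash, dash); `MAX_TRIES`, the `tracklogin` tag and the `auth.notice` priority are assumed values, and csh-family shells would need a separate script.

```shell
# Added example: portable login-reason prompt, POSIX sh syntax only.
# MAX_TRIES, the "tracklogin" tag and auth.notice are assumed values.
MAX_TRIES=3

# Succeeds only if the text has at least one non-whitespace character,
# so an empty line or a line of spaces is rejected.
valid_reason() {
    [ -n "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

# Prompt with printf on stderr instead of "read -p": in ksh, -p means
# "read from a co-process" and fails with "no query process".
# Sets REASON on success. Returns 1 on EOF or after MAX_TRIES bad
# answers, so a failing read can never become an endless loop.
ask_reason() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        printf 'Reason for login: ' >&2
        IFS= read -r REASON || return 1
        valid_reason "$REASON" && return 0
    done
    return 1
}

# Send the record to syslog instead of a file the user can truncate.
# The reason is passed as one argument and is never evaluated.
log_reason() {
    logger -p auth.notice -t tracklogin -- \
        "user=$(id -un) tty=$(tty) reason=$1"
}

# Intended use from a Bourne-style startup file (exit ends the login):
#   ask_reason && log_reason "$REASON" || exit 1
```

As the replies above point out, a hook placed in a user-owned startup file can still be removed by that user; the example only addresses the prompt portability, the blank-answer check and the log destination.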