topic Re: login shell in Operating System - HP-UX

login shell

Kwhite_1 — Fri, 05 Sep 2008 15:35:20 GMT

Friend,

I am writing trying to write a shell script that will given a user menu options. The issue is that when I put exit the user comes back to the shell promt. I need that when he uses the exit option he should be completely logged off from the system.

Kindly advice on what how the account should be created or a sample script will be greatly appreciated.

Re: login shell

Tim Nelson — Fri, 05 Sep 2008 15:38:36 GMT

Two options.

1) use the script as the shell in /etc/passwd

2) in the profile start the script with exec /scriptname

(if you use the profile option and the user has ftp access then they can simply replace the profile to circumvent the existing one.)

The shell in the password file is more secure.

(script must start with #!/usr/bin/ksh (or sh).

Do not forget to set the traps as well ( trap 1 2 3 ...)

Re: login shell

Pete Randall — Fri, 05 Sep 2008 15:46:40 GMT

I'm just throwing out this question because I don't know the answer and if the answer is yes, it is pertinent to this question:

Does the script need to be listed in /etc/shells if you're going to put it in the password file?

Pete

Re: login shell

James R. Ferguson — Fri, 05 Sep 2008 15:52:37 GMT

Hi:

> Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

No, it doesn't.

Substituting the menu-based script for the normal login shell prevents smart users who might have a 'more' pipeline in the menu from shelling-out with a bang (!) into a real shell, circumventing the menu. Hence, of the techniques Tim mentioned, this is my preference.

Regards!

...JRF...

Re: login shell

Kwhite_1 — Fri, 05 Sep 2008 16:04:09 GMT

I am not getting this how should the account look like

Re: login shell

Tim Nelson — Fri, 05 Sep 2008 16:10:13 GMT

/etc/shell entry >> Only if you want FTP to work.

/etc/passwd entry.

user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh

Re: login shell

Tim Nelson — Fri, 05 Sep 2008 16:11:13 GMT

oops.. typo
change
user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh

to
user1:*:1000:200::/home/user1:/usr/local/bin/menu.ksh

you get the idea.

Re: login shell

Pete Randall — Fri, 05 Sep 2008 16:11:14 GMT

> how should the account look like

In /etc/passwd? Something like this:

user_nam:encrypted_password:101:101::/home/user_name:full_path_name_of_script

Pete

Re: login shell

Kwhite_1 — Fri, 05 Sep 2008 16:16:11 GMT

Got it thanks all

Re: login shell

Dennis Handly — Fri, 05 Sep 2008 17:19:54 GMT

>Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

As JRF said, no. login doesn't look at shells(4), only ftp and a few others.

Re: login shell

Bill Hassell — Fri, 05 Sep 2008 22:12:06 GMT

One very important feature that your menu script (as well as 8every* shell script) must have is line #1 with the interpreter listed. If you write the script in ksh, then line 1 must be:

#!/usr/bin/ksh

Or if you use the POSIX shell: #!/usr/bin/sh

And of course the script must be executable by all the users, typically 755 (never 777) permissions.

What will happen at login is that the menu script will be run and any attempt to exit the script returns to another login request. Make sure your script does not provide a menu item for vi or other program that allows the user to call a shell (using the ! character). Just to be sure, you can set the SHELL variable in your script:

export SHELL=/usr/bin/false