topic Re: Scripting Challenge in Operating System - HP-UX

Scripting Challenge

Patrick Wallek — Thu, 06 Nov 2003 09:51:55 GMT

Howdy Everyone,

I have a scripting problem that I can't quite get solved.

We have an MC/SG environment and I need a script that I can run when users log in that will somehow determine the MC/SG package they are telnet'ing and based on the package set some environment variables for their session.

I have written a script that generally works, but the problem I am having is that this must also work if a user uses 'su' to switch to a different user.

Any and all suggestions welcome!

Re: Scripting Challenge

Mark Grant — Thu, 06 Nov 2003 10:03:45 GMT

Patrick,

It was all going so well until your last sentence. It must work with "su". I take you mean that we can't guarantee .profile is going to get run?

Re: Scripting Challenge

TSaliba — Thu, 06 Nov 2003 10:07:39 GMT

hi
i thing you try "su user", if yes try the following:

su - user

Re: Scripting Challenge

Pete Randall — Thu, 06 Nov 2003 10:08:44 GMT

Patrick,

How about replacing "su" with a script that invokes the real "su" - with the - option?

Pete

Re: Scripting Challenge

Jean-Luc Oudart — Thu, 06 Nov 2003 10:09:55 GMT

Not sure about the issue.

Are you trying to figure out who is the user originally ?
whoami vs who am i ?

Rgds,
JL

Re: Scripting Challenge

Elmar P. Kolkman — Thu, 06 Nov 2003 10:10:16 GMT

When using the telnetting, it is doable by using the tty which relates to a telnetd which could be related to a lsof which gives the IP adress the connection was to. This is a save method as using the who -R and using the from address to find the to address in netstat, because a user could open several sessions from the save host.
pid=$(ps -t$(tty |sed 's|/dev/||') | grep telnetd | awk '{print $1}')
[ -n "$pid" ] && lsof -p $pid | grep TCP | sed 's|^.*>$.*$:.*$|\1|' | uniq

But with the su, I, not sure I understand what you want. If you want the same effect as with the telnetting, it would work here to.

Another way, which we use, is give users a homedirectory in the package. Then it is easy to do. But this only works if a user is package specific. Which is apparently not your case.

Hope this helps you solve the problem.

Re: Scripting Challenge

Chris Wilshaw — Thu, 06 Nov 2003 10:11:26 GMT

For su, you can use ps to find out who's using the pty;

# ps -t `basename \`tty\`` -ouser

USER
root
cw16791n
root

If more than 2 entries are returned, you know that it's the USER header, the original id and any su id.

Chris.

Re: Scripting Challenge

Patrick Wallek — Thu, 06 Nov 2003 10:12:19 GMT

OK, sorry folks. When I said "must also work is a user uses su..." I did mean that they would use 'su - username' to switch users.

My big problem, even with 'su - user' is how do you tell what package name / IP they connected to originally?

Re: Scripting Challenge

Steve Lewis — Thu, 06 Nov 2003 10:12:53 GMT

I would use `logname` or $LOGNAME.

e.g.

$id
uid=222(dba) gid=201(...)
$ su informix
Password:
$ echo $LOGNAME
dba
$ echo `logname`
dba
$ exit
$ su - informix
Password:
...
$ echo $LOGNAME
dba
$ echo `logname`
dba

Re: Scripting Challenge

A. Clay Stephenson — Thu, 06 Nov 2003 10:13:54 GMT

A rather easy answer is to set up an alias for su that is actually su='su - '.

Re: Scripting Challenge

Mark Grant — Thu, 06 Nov 2003 10:35:33 GMT

Thinking about it, I do not think it's possible like this. The ip you connected to is just not available anywhere. Even if you wrote your own telnetd and listened on the port yourself, you still wouldn't be able to tell what ip address they connected to. Maybe some tcp/ip sniffer could read the packet headers to get the destination address but I don't think that is going to be a script.

Re: Scripting Challenge

Ralph Grothe — Thu, 06 Nov 2003 10:49:20 GMT

I'm not sure if this is of any help?

You can track the PID of the login shell that issued the "su - someone" by putting something like this in .profile

ORIG_SHELL=$(UNIX95= ps -o ppid= -p $$)

With this PID you could further track the associated pseudo terminal an try to match with output from "who -u".

If you have lsof on the box I guess you could even track down the sockets used by the telnetd that served the login which uses the pty.

Re: Scripting Challenge

Ralph Grothe — Thu, 06 Nov 2003 10:55:38 GMT

I think even if you lack lsof there is some hope.
At least you could narrow possible telnet sockets by parsing netstat with something like

# netstat -anfinet|awk '$4~/\.23$/{print$5}'

will list foreign IPs of telnet sockets.
The least we know is the port they connected trhough.
netstat also give the local IPs which are the 4th column and should correspond to your MC/SG packages' IPs.

Re: Scripting Challenge

Mark Greene_1 — Thu, 06 Nov 2003 11:20:37 GMT

who -um will return the IP address of the client telnet connection, even if you su or su -

mark

Re: Scripting Challenge

Patrick Wallek — Thu, 06 Nov 2003 11:42:20 GMT

Elmar's trick got me going in the right directions. His code snippets produced the machine that the telnet was originating from , but it was fairly simple to get the address that the telnet was going to from the lsof output.

I wound up doing this to get the package name the user telnet'ed to (and this still worked when the user did a 'su - username' to switch user):

PID=$(ps -t $(tty |sed 's|/dev/||') | grep telnetd | awk '{print $1}')

TOPACKAGE=$([ -n "$PID" ] && /usr/local/bin/lsof -p $PID | grep TCP | awk '{print $9}' | awk -F : '{print $1}' | awk -F . '{print $1}' | uniq)

The last 3 awk statements is my crude way of getting the name of the package (without the domain name) the user telnet'ed to. I'm sure there is a better way to do it, but this works for me.

Man I LOVE these forums.

Re: Scripting Challenge

Elmar P. Kolkman — Fri, 07 Nov 2003 01:05:56 GMT

I realized I got the wrong IP address from the lsof output the moment I left the building here... Sorry.
I was thinking about calling someone to put it right (and score some points) but thought you would be able to do this too.

Happy it solved your problem.