topic Re: Non-Command Line users in Operating System - HP-UX

Non-Command Line users

Brian Atkins — Thu, 07 Dec 2000 19:16:47 GMT

We have a number of users that login and immediately go into the application and never see the command line. Is there a way to prevent them from using ctrl-c or shell escape to break out of the application? Also, can the same method be used if the user is supposed to go into sqlplus (i.e.:if they exit sqlplus, they are logged off?

Re: Non-Command Line users

James R. Ferguson — Thu, 07 Dec 2000 19:26:18 GMT

Brian:

At the very beginning of the user's profile place a trap like this:

# trap "" 1 2 3

At the end of the user's profile do this:

# exec sqlplus

Regards!

...JRF...

Re: Non-Command Line users

Brian Atkins — Thu, 07 Dec 2000 19:43:36 GMT

James,
Thanks for the quick response. But, would you mind expanding on what:
trap "" 1 2 3
does?

Re: Non-Command Line users

Tracey — Thu, 07 Dec 2000 19:56:20 GMT

I use:

stty -isig

in the beginning of their profile. This disable the terminals checking of special control characters against the INTR and QUIT parameters. This will not allow them to CTRL-C anywhere, even when running a report, which I don't want them to do either!

Re: Non-Command Line users

Madhu Sudhan_1 — Thu, 07 Dec 2000 20:08:45 GMT

Another way is to edit /etc/passwd file and in the 7th field put the application binary with path of instead regular sh or ksh.

Hope this helps.
...Madhu

Re: Non-Command Line users

James R. Ferguson — Thu, 07 Dec 2000 20:57:46 GMT

Brian:

The 'trap' is an interrupt routine. A 'trap' command is used to catch a signal such as the CTRL_C key sequence. If argument to the trap is a null string ('' or ""), as here, each signal specified is simply ignored. Thus the CTRL_C or "INT" signal becomes a no-op, and the user cannot break-out. To see a list of signals, do:

# kill -l

The 'exec' command replaces the current shell with a new shell or program. In this case, exiting sqlplus (or an application that you have 'exec'ed) exits the then current environment and logs the user off.

...JRF...

Re: Non-Command Line users

Suhas_2 — Mon, 18 Dec 2000 15:26:43 GMT

Brian,
I would like to add something to what JRF says...
1> In the . profile you append one more line....
trap " " 1 2 3
exec sqlplus
exit $?

2> OR you can put this in /etc/profile. (this is because the .profile may be tampered by the user , as it is owned by him)...as below...

if [ $LOGNAME="xyz>" -o $LOGNAME = "yud" ]
then
export SHELL=/bin/false
exec /usr/oracle/bin/sqlplus
exit $?
fi

Thus,
** you can cover-up multiple users from same file, which is writeable only by the root.
** Secondly as the SHELL has been exported as /bin/false, even if the user tries to use "!" at sqlplus> prompt , he won't be able to fall into shell.
** all signal will be trapped.
** And he will be thrown out of the system, the moment he exits the sqlplus.

Try this...it works fine on our systems.
Suhas...

Re: Non-Command Line users

Paul Frederiksen — Mon, 18 Dec 2000 15:41:04 GMT

Or you can just chown the .profile under a different user and all anyone to read it. Thats how I do it.

Re: Non-Command Line users

MARISSA GLORIA-RINGOR_1 — Fri, 12 Jan 2001 09:09:11 GMT

If your .profile have the line below
stty erase "^H" kill "^U" intr "^C" eof "^D"
you may remove intr "^C" eof "^D" for them not to interrupt the system by ^C or ^D.
Also, I add the trap command options between the menu or command to go go directly to the application.

? Set up Application startup script
trap "" 2 3 4 5 6 7 8 10 12 13 15 16 17 19 20 21
. appl_scr.sh
trap -
exit 3

Re: Non-Command Line users

Rodney Hills — Fri, 12 Jan 2001 17:42:24 GMT

Be sure to check the documentation for the application you are running. Some of them play with trapping the interrupts too and may override what .profile may does.