cancel
Showing results for 
Search instead for 
Did you mean: 

login shell

Kwhite_1
Advisor

login shell

Friend,

I am writing trying to write a shell script that will given a user menu options. The issue is that when I put exit the user comes back to the shell promt. I need that when he uses the exit option he should be completely logged off from the system.

Kindly advice on what how the account should be created or a sample script will be greatly appreciated.
10 REPLIES
Tim Nelson
Honored Contributor

Re: login shell

Two options.

1) use the script as the shell in /etc/passwd

2) in the profile start the script with exec /scriptname

(if you use the profile option and the user has ftp access then they can simply replace the profile to circumvent the existing one.)

The shell in the password file is more secure.

(script must start with #!/usr/bin/ksh (or sh).

Do not forget to set the traps as well ( trap 1 2 3 ...)

Pete Randall
Outstanding Contributor

Re: login shell

I'm just throwing out this question because I don't know the answer and if the answer is yes, it is pertinent to this question:

Does the script need to be listed in /etc/shells if you're going to put it in the password file?


Pete

Pete
James R. Ferguson
Acclaimed Contributor

Re: login shell

Hi:

> Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

No, it doesn't.

Substituting the menu-based script for the normal login shell prevents smart users who might have a 'more' pipeline in the menu from shelling-out with a bang (!) into a real shell, circumventing the menu. Hence, of the techniques Tim mentioned, this is my preference.


Regards!

...JRF...
Kwhite_1
Advisor

Re: login shell

I am not getting this how should the account look like
Tim Nelson
Honored Contributor

Re: login shell

/etc/shell entry >> Only if you want FTP to work.

/etc/passwd entry.

user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh


Tim Nelson
Honored Contributor

Re: login shell

oops.. typo
change
user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh

to
user1:*:1000:200::/home/user1:/usr/local/bin/menu.ksh


you get the idea.

Pete Randall
Outstanding Contributor

Re: login shell

> how should the account look like

In /etc/passwd? Something like this:

user_nam:encrypted_password:101:101::/home/user_name:full_path_name_of_script


Pete

Pete
Kwhite_1
Advisor

Re: login shell

Got it thanks all
Dennis Handly
Acclaimed Contributor

Re: login shell

>Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

As JRF said, no. login doesn't look at shells(4), only ftp and a few others.
Bill Hassell
Honored Contributor

Re: login shell

One very important feature that your menu script (as well as 8every* shell script) must have is line #1 with the interpreter listed. If you write the script in ksh, then line 1 must be:

#!/usr/bin/ksh

Or if you use the POSIX shell: #!/usr/bin/sh

And of course the script must be executable by all the users, typically 755 (never 777) permissions.

What will happen at login is that the menu script will be run and any attempt to exit the script returns to another login request. Make sure your script does not provide a menu item for vi or other program that allows the user to call a shell (using the ! character). Just to be sure, you can set the SHELL variable in your script:

export SHELL=/usr/bin/false


Bill Hassell, sysadmin