02-16-2001 03:02 PM
This is a two-fold question which, hopefully, is not too tough.
First, I want to set a user up so that ...
a) His root directory is the home/username directory. I tried adding the "home/username/./:" to the /etc/passwd file, but it does not work. I want the user limited to his directory and subdirectories ONLY.
b) If possible, I would also like to limit this user to being able to do nothing but login, run a script, see the input from the script and enter "yes" or "no" to a prompt. Nothing else.
Second ...
I would like the script he starts to run as root, although the non-root user account needs to start the script and he needs (obviously) LESS than root permissions.
Thanks again for all the help!
Mike
02-16-2001 03:25 PM
Re: Limiting user logon and always running script as root
Hope This Helps!
Rob
02-16-2001 03:52 PM
Solution
guest1::26669:66:Guest1:/home/guest1:/bin/guestscript
Then you'll have to add the script pathname to the /etc/shells file so that login will recognize it as a valid login shell...
/etc/shells:
/sbin/sh
/bin/sh
/bin/csh
/bin/ksh
/bin/guestscript
When the user logs in, the login process fork/execs the script. When the script exits, the login session is terminated.
To make the script execute with root permission, make it owned by root and turn on the setuid bit...
chown root /bin/guestscript
chmod +s /bin/guestscript
-sam
02-20-2001 09:09 AM
Re: Limiting user logon and always running script as root
Thanks for the great advice! You are both right on target, however (unfortunately) you both got me half way there...and your answers SEEM to be mutually exclusive.
I tried the rsh option, which worked fantastic for limiting the user, however for some reason it refuses to allow me to run the script.
The script is running a command that can only be run by root, and needs to create logfiles in other directories. I have the suid set so the command will run if the user is logged in with a regular shell, and I tried having the logfiles created in the restricted user's home directory, but the issue seems to be with the command which can only be run as root. It does not want to run if invoked from the restricted shell.
I also tried changing the passwd file so the script runs as the shell when the user logs on, but all I get when logging the user on is a "no shell" error. I tried to add the path to the /etc/shells file (which did not exist, so I created it) but that did not work either. As this is HP-UX 10.20, I wonder if there is not a "shells" file which it looks to so that would work.
So, we are about half way there. Any other suggestions to either get the above issues resolved, or a different route to the end result?
Thanks again!
Mike
02-20-2001 09:22 AM
Re: Limiting user logon and always running script as root
What you can do with this is have the user's shell set to the restricted shell. Then have sudo set up so that the user can run the script. At the shell prompt the user would enter 'sudo scriptname'.
Another option would be to set up the .profile so that it will do an "exec sudo scriptname" and that way when the user gets done with the script the login will be terminated.
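The two suggestions in this thread combined, as an added example that is not part of any post: a login-shell script that accepts only "yes" or "no" and elevates one command through sudo rather than relying on a setuid script. The sudo location, the privileged command path and the sudoers rule shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example: login-shell wrapper for a restricted account such as guest1.
# Assumed (not from the thread): SUDO and PRIV_CMD paths, and this sudoers rule:
#   guest1 ALL = (root) NOPASSWD: /usr/local/sbin/privileged_task
SUDO=/usr/local/bin/sudo                   # assumed install location
PRIV_CMD=/usr/local/sbin/privileged_task   # hypothetical root-only command
MAX_TRIES=3

# Map one input line to a decision: 0 = "yes", 1 = "no", 2 = anything else.
# Exact matches only, so extra words or shell metacharacters are rejected.
classify_answer() {
    case "$1" in
        yes) return 0 ;;
        no)  return 1 ;;
        *)   return 2 ;;
    esac
}

# Prompt and read from stdin. End of input, or MAX_TRIES invalid lines,
# counts as "no" so the script fails closed.
confirm() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        printf 'Proceed? (yes/no): '
        IFS= read -r answer || return 1
        rc=0
        classify_answer "$answer" || rc=$?
        [ "$rc" -ne 2 ] && return "$rc"
        tries=$((tries + 1))
    done
    return 1
}

main() {
    # Fixed environment: nothing inherited from the login session is trusted.
    PATH=/usr/bin:/bin; export PATH
    unset ENV CDPATH
    # Ignore keyboard signals; ignored dispositions carry across exec.
    trap '' INT QUIT TSTP
    if confirm; then
        # Only this one command is elevated; the wrapper stays unprivileged.
        exec "$SUDO" "$PRIV_CMD"
    fi
    exit 0   # the login shell exits, which ends the session
}

# Run only on an interactive terminal, i.e. a real login.
if [ -t 0 ]; then main; fi
```

Installed as the account's shell in /etc/passwd and listed in /etc/shells, the script needs no setuid bit because sudo performs the elevation.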
02-20-2001 11:48 AM
Re: Limiting user logon and always running script as root
I looked into SUDO, which looks like a fantastic solution, however I still need to play with it to see if I can get it functioning.
I DID manage to get the script to run as the logon shell, which works exactly for what I need, however...I was not able to get it to function by editing the passwd file.
When I changed the logon script in the /etc/passwd file to /home/username/scriptname, and then tried to logon, I got a 'no shell' error.
If I went into SAM, removed the account, recreated the account (exactly the same) and placed the /home/username/scriptname THROUGH SAM as the logon shell, it worked great.
Any explanations??!
Thanks though for all the help! I got it to work!
Mike
02-20-2001 03:20 PM
Re: Limiting user logon and always running script as root
Has your system been converted to trusted? I don't really understand why it worked via SAM but not via direct editing of /etc/passwd and /etc/shells. On my non-trusted, 10.20 system, I was able to do it just like I detailed in my first reply.
Maybe on trusted systems there is additional magic that must be done and SAM does it automatically. Now that the magic appears to have been done, you may be able to add/modify additional users by editing /etc/passwd.
-sam
02-21-2001 11:24 AM
Re: Limiting user logon and always running script as root
I really can't answer the question of whether the system has been converted to trusted, as I really just inherited them.
How would I check?