HPE Community
Operating System - HP-UX
1823369 Members
2729 Online
109654 Solutions
New Discussion юеВ

Re: login shell

 
Kwhite_1
Advisor

тАО09-05-2008 08:35 AM

тАО09-05-2008 08:35 AM

login shell

Friend,

I am writing trying to write a shell script that will given a user menu options. The issue is that when I put exit the user comes back to the shell promt. I need that when he uses the exit option he should be completely logged off from the system.

Kindly advice on what how the account should be created or a sample script will be greatly appreciated.
0 Kudos
Reply
10 REPLIES 10
Tim Nelson
Honored Contributor

тАО09-05-2008 08:38 AM

тАО09-05-2008 08:38 AM

Re: login shell

Two options.

1) use the script as the shell in /etc/passwd

2) in the profile start the script with exec /scriptname

(if you use the profile option and the user has ftp access then they can simply replace the profile to circumvent the existing one.)

The shell in the password file is more secure.

(script must start with #!/usr/bin/ksh (or sh).

Do not forget to set the traps as well ( trap 1 2 3 ...)

0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО09-05-2008 08:46 AM

тАО09-05-2008 08:46 AM

Re: login shell

I'm just throwing out this question because I don't know the answer and if the answer is yes, it is pertinent to this question:

Does the script need to be listed in /etc/shells if you're going to put it in the password file?


Pete

Pete
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО09-05-2008 08:52 AM

тАО09-05-2008 08:52 AM

Re: login shell

Hi:

> Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

No, it doesn't.

Substituting the menu-based script for the normal login shell prevents smart users who might have a 'more' pipeline in the menu from shelling-out with a bang (!) into a real shell, circumventing the menu. Hence, of the techniques Tim mentioned, this is my preference.


Regards!

...JRF...
0 Kudos
Reply
Kwhite_1
Advisor

тАО09-05-2008 09:04 AM

тАО09-05-2008 09:04 AM

Re: login shell

I am not getting this how should the account look like
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО09-05-2008 09:10 AM

тАО09-05-2008 09:10 AM

Re: login shell

/etc/shell entry >> Only if you want FTP to work.

/etc/passwd entry.

user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh


0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО09-05-2008 09:11 AM

тАО09-05-2008 09:11 AM

Re: login shell

oops.. typo
change
user1:*:1000:200::/home/user1:/user/local/bin/menu.ksh

to
user1:*:1000:200::/home/user1:/usr/local/bin/menu.ksh


you get the idea.

0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО09-05-2008 09:11 AM

тАО09-05-2008 09:11 AM

Re: login shell

> how should the account look like

In /etc/passwd? Something like this:

user_nam:encrypted_password:101:101::/home/user_name:full_path_name_of_script


Pete

Pete
0 Kudos
Reply
Kwhite_1
Advisor

тАО09-05-2008 09:16 AM

тАО09-05-2008 09:16 AM

Re: login shell

Got it thanks all
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО09-05-2008 10:19 AM

тАО09-05-2008 10:19 AM

Re: login shell

>Pete: Does the script need to be listed in /etc/shells if you're going to put it in the password file?

As JRF said, no. login doesn't look at shells(4), only ftp and a few others.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО09-05-2008 03:12 PM

тАО09-05-2008 03:12 PM

Re: login shell

One very important feature that your menu script (as well as 8every* shell script) must have is line #1 with the interpreter listed. If you write the script in ksh, then line 1 must be:

#!/usr/bin/ksh

Or if you use the POSIX shell: #!/usr/bin/sh

And of course the script must be executable by all the users, typically 755 (never 777) permissions.

What will happen at login is that the menu script will be run and any attempt to exit the script returns to another login request. Make sure your script does not provide a menu item for vi or other program that allows the user to call a shell (using the ! character). Just to be sure, you can set the SHELL variable in your script:

export SHELL=/usr/bin/false


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.