HPE Community
Operating System - HP-UX
1833777 Members
2735 Online
110063 Solutions
New Discussion

MCSG - Identifying package logins

 
SOLVED
Go to solution
Steve Faidley
Valued Contributor

‎01-28-2005 06:08 AM

‎01-28-2005 06:08 AM

MCSG - Identifying package logins

I'm trying to determine what package a person logged into so I can set his environment accordingly.
Example, I have PKG1 and PKG2 on SVR1, each package has it’s own IP address.
So if a user telnet/ssh to PKG1 I want .profile to set their environment one way. If they telnet/ssh to PKG2 I want .profile to set their environment a different way.

Thanks,
If it ain't broke, let me have a look at it.
0 Kudos
Reply
6 REPLIES 6
Patrick Wallek
Honored Contributor

‎01-28-2005 06:16 AM

‎01-28-2005 06:16 AM

Solution

Re: MCSG - Identifying package logins

Here's what I use. It only works for telnet. I haven't had time to modify it for SSH yet.

This script is called from /etc/profile by doing a '. /wartmnt'

The script is /wartmnt and it requires lsof and I script I modified from another called rptree. wartmnt is attached to this post. I'll attach rptree.sh to another post.

# cat /wartmnt
#!/usr/bin/sh

PID=$(ps -t $(tty |sed 's|/dev/||') | grep telnetd | awk '{print $1}')

if [ ! -n "$PID" ]; then
PID=$(/usr/local/bin/rptree.sh $$ | grep telnetd | awk '{print $1}')
fi

TOMACHINE=$([ -n "$PID" ] && /usr/local/bin/lsof -p $PID | grep TCP | awk '{print $9}' | awk -F : '{print $1}' | awk -F . '{print $1}' | uniq)

#echo $PID
#echo $TOMACHINE

if [ $TOMACHINE = "whpackage1.rwp.com" -o $TOMACHINE = "hquwh01.rwp.com" -o $TOMACHINE = "whpackage1" -o $TOMACHINE = "hquwh01" ]
then
export WART=/wart
export MESAVE=/mesave
export INVOICES=/invoices
elif [ $TOMACHINE = "whpackage2" -o $TOMACHINE = "hquwh50" -o $TOMACHINE = "whpackage2.rwp.com" -o $TOMACHINE = "hquwh50.rwp.com" ]
then
export WART=/wart1
export MESAVE=/mesave1
export INVOICES=/invoices1
elif [ $TOMACHINE = "whpackage3" -o $TOMACHINE = "hquwh05" -o $TOMACHINE = "whpackage3.rwp.com" -o $TOMACHINE = "hquwh05.rwp.com" ]
then
export WART=/wart3
export MESAVE=/mesave3
export INVOICES=/invoices3
fi
Reply
Patrick Wallek
Honored Contributor

‎01-28-2005 06:19 AM

‎01-28-2005 06:19 AM

Re: MCSG - Identifying package logins

Here's rptree.sh. The script was initially called ptree.sh and it worked its way down the process list of a process listing all its children.

I modified that script to work just the opposite way. This script works its way up the tree looking for all parent processes until it gets to PID 1.


The script is attached as it is a bit too long to post in the thread.
Reply
Steve Faidley
Valued Contributor

‎01-28-2005 08:44 AM

‎01-28-2005 08:44 AM

Re: MCSG - Identifying package logins

When I run it as a non-root user lsof reports; can't read cwd pst_filedetails: Permission denied.
If I set suid on lsof it does work.

Anyone have comments on the risks of having lsof suid?
If it ain't broke, let me have a look at it.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎01-28-2005 08:47 AM

‎01-28-2005 08:47 AM

Re: MCSG - Identifying package logins

I have mine set as setuid. I also compiled it with the option to ONLY allows users to see their own processes and not anyone elses. I can't remember exactly what the option is, but I know its there.
Reply
Steve Faidley
Valued Contributor

‎01-28-2005 09:21 AM

‎01-28-2005 09:21 AM

Re: MCSG - Identifying package logins

That seems to work very well. I guess my problem is wrapped up unless anyone has a solution that does not require lsof w/suid.
I can't believe HP would even sell MCSG without a feature like this. Although I guess there are many tasks on HP that need lsof to be done right. Like making sure filesystems can be unmounted during Package shutdown! fuser just doesn't cut it. Maybe HP should bundle lsof with HPUX?

Thanks,
If it ain't broke, let me have a look at it.
0 Kudos
Reply
Denver Osborn
Honored Contributor

‎01-28-2005 10:18 AM

‎01-28-2005 10:18 AM

Re: MCSG - Identifying package logins

If you weren't allowing telnet access and just ssh this would be easy.... :)

when a user ssh's to the box, sshd will set an SSH_CONNECTION variable. Info looks like

SSH_CONNECTION="client_ip client_port server_ip server_port"

What you'd want to pay attention to is "server_ip" as it would match the package_ip your user ssh'd to.

Hope this info helps,
-denver
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.