HPE Community
Operating System - HP-UX
1846454 Members
2316 Online
110256 Solutions
New Discussion

Re: Non-Command Line users

 
Brian Atkins
Advisor

‎12-07-2000 11:16 AM

‎12-07-2000 11:16 AM

Non-Command Line users

We have a number of users that login and immediately go into the application and never see the command line. Is there a way to prevent them from using ctrl-c or shell escape to break out of the application? Also, can the same method be used if the user is supposed to go into sqlplus (i.e.:if they exit sqlplus, they are logged off?
0 Kudos
Reply
9 REPLIES 9
James R. Ferguson
Acclaimed Contributor

‎12-07-2000 11:26 AM

‎12-07-2000 11:26 AM

Re: Non-Command Line users

Brian:

At the very beginning of the user's profile place a trap like this:

# trap "" 1 2 3

At the end of the user's profile do this:

# exec sqlplus

Regards!

...JRF...
0 Kudos
Reply
Brian Atkins
Advisor

‎12-07-2000 11:43 AM

‎12-07-2000 11:43 AM

Re: Non-Command Line users

James,
Thanks for the quick response. But, would you mind expanding on what:
trap "" 1 2 3
does?
0 Kudos
Reply
Tracey
Trusted Contributor

‎12-07-2000 11:56 AM

‎12-07-2000 11:56 AM

Re: Non-Command Line users

I use:

stty -isig

in the beginning of their profile. This disable the terminals checking of special control characters against the INTR and QUIT parameters. This will not allow them to CTRL-C anywhere, even when running a report, which I don't want them to do either!
0 Kudos
Reply
Madhu Sudhan_1
Respected Contributor

‎12-07-2000 12:08 PM

‎12-07-2000 12:08 PM

Re: Non-Command Line users

Another way is to edit /etc/passwd file and in the 7th field put the application binary with path of instead regular sh or ksh.

Hope this helps.
...Madhu
Think Positive
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎12-07-2000 12:57 PM

‎12-07-2000 12:57 PM

Re: Non-Command Line users

Brian:

The 'trap' is an interrupt routine. A 'trap' command is used to catch a signal such as the CTRL_C key sequence. If argument to the trap is a null string ('' or ""), as here, each signal specified is simply ignored. Thus the CTRL_C or "INT" signal becomes a no-op, and the user cannot break-out. To see a list of signals, do:

# kill -l

The 'exec' command replaces the current shell with a new shell or program. In this case, exiting sqlplus (or an application that you have 'exec'ed) exits the then current environment and logs the user off.

...JRF...
0 Kudos
Reply
Suhas_2
Regular Advisor

‎12-18-2000 07:26 AM

‎12-18-2000 07:26 AM

Re: Non-Command Line users

Brian,
I would like to add something to what JRF says...
1> In the . profile you append one more line....
trap " " 1 2 3
exec sqlplus
exit $?

2> OR you can put this in /etc/profile. (this is because the .profile may be tampered by the user , as it is owned by him)...as below...

if [ $LOGNAME="xyz>" -o $LOGNAME = "yud" ]
then
export SHELL=/bin/false
exec /usr/oracle/bin/sqlplus
exit $?
fi

Thus,
** you can cover-up multiple users from same file, which is writeable only by the root.
** Secondly as the SHELL has been exported as /bin/false, even if the user tries to use "!" at sqlplus> prompt , he won't be able to fall into shell.
** all signal will be trapped.
** And he will be thrown out of the system, the moment he exits the sqlplus.

Try this...it works fine on our systems.
Suhas...
Never say "Die"
0 Kudos
Reply
Paul Frederiksen
Frequent Advisor

‎12-18-2000 07:41 AM

‎12-18-2000 07:41 AM

Re: Non-Command Line users

Or you can just chown the .profile under a different user and all anyone to read it. Thats how I do it.
0 Kudos
Reply
MARISSA GLORIA-RINGOR_1
New Member

‎01-12-2001 01:09 AM

‎01-12-2001 01:09 AM

Re: Non-Command Line users

If your .profile have the line below
stty erase "^H" kill "^U" intr "^C" eof "^D"
you may remove intr "^C" eof "^D" for them not to interrupt the system by ^C or ^D.
Also, I add the trap command options between the menu or command to go go directly to the application.

? Set up Application startup script
trap "" 2 3 4 5 6 7 8 10 12 13 15 16 17 19 20 21
. appl_scr.sh
trap -
exit 3


0 Kudos
Reply
Rodney Hills
Honored Contributor

‎01-12-2001 09:42 AM

‎01-12-2001 09:42 AM

Re: Non-Command Line users

Be sure to check the documentation for the application you are running. Some of them play with trapping the interrupts too and may override what .profile may does.
There be dragons...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.