HPE Community
Operating System - HP-UX
1819925 Members
3276 Online
109607 Solutions
New Discussion юеВ

Re: restrict user from shell/command prompt in unix

 
apple
Super Advisor

тАО10-15-2010 03:09 AM

тАО10-15-2010 03:09 AM

restrict user from shell/command prompt in unix

Dear All,
would like to seek your advice. currently these group of users login to the server, they will get one operator menu, but when they control c, it will give them to $ prompt. how to disable this $ prompt at all?
Hope to hear from you.
0 Kudos
Reply
5 REPLIES 5
TTr
Honored Contributor

тАО10-15-2010 03:41 AM

тАО10-15-2010 03:41 AM

Re: restrict user from shell/command prompt in unix

You need to fix the operator menu so that it ignores the Ctrl-C.

Apparently these users have the "operator menu" either as their shell or in their .profile.

What is this operator menu?
0 Kudos
Reply
apple
Super Advisor

тАО10-15-2010 03:58 AM

тАО10-15-2010 03:58 AM

Re: restrict user from shell/command prompt in unix

Dear Sir,
Thank you for your reply.
how to control (Ctrl +C) this from OS?
The menu called from its profile. The operator menu does the system health check and run application batches.
Hope to hear from you

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-15-2010 04:08 AM

тАО10-15-2010 04:08 AM

Re: restrict user from shell/command prompt in unix

To disable CTRL-C, your menu program (script?) must enable a different action for signal 2, also known as SIGINT. You do this by assigning a new action for CTRL-C, which could be do nothing like this:

trap "" 2

> disable this $ prompt at all?

The $ pronpt comes from the shell. Apparently, you have changed the operator's login profile to run the operator menu, not ideal at all. The reason is that when the menu program terminates, the parent (shell) returns. Change the startup of the menu program to exec like this:

exec /someDIR/myMenuProgram

The exec command replaces the shell and when the menu program stops, whether normally or because of a signal like SIGINT or SIGHUP, the menu process stops and the user is disconnected.

An even simpler way is to make the program or script the user's login shell. You can change this (as root) at any time using chsh:

chsh oper /someDIR/myMenuProgram

NOTE: If this is a script, it must be properly written and that means line 1 looks like this:

#!/usr/bin/sh
or
#!/usr/bin/ksh

or whatever shell was used to write the menu program.


Bill Hassell, sysadmin
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-15-2010 04:17 AM

тАО10-15-2010 04:17 AM

Re: restrict user from shell/command prompt in unix

I was writing this when you posted the .profile information.

> cd /CTCS/batch/script
> operator_menu.sh MYR

There are several problems with this. cd'ing into a directory is never recommended, especially just to run a script without typing the fullpath. It should read:

/CTCS/batch/script/operator_menu.sh MYR

And since this works for you:

operator_menu.sh MYR

rather than:

./operator_menu.sh MYR

your PATH has a serious security issue:

PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.

At the very end is the dreaded :. (could be :.: or even ::) which means: search the current working directory for the executable.

SO make sure your script operator_menu.sh starts with:

#!/usr/bin/sh

and I would use chsh to make the shell your menu program. The next line in your script should be:

trap "" 2


Bill Hassell, sysadmin
0 Kudos
Reply
Viktor Balogh
Honored Contributor

тАО10-16-2010 04:45 AM

тАО10-16-2010 04:45 AM

Re: restrict user from shell/command prompt in unix

Hi,

I would define the operator menu script as the user's default shell. But before the chsh command, you should add the script to the list of valid shell files:

# echo "/CTCS/batch/script/operator_menu.sh" >> /etc/shells

# chsh oper /CTCS/batch/script/operator_menu.sh

Regards,
Viktor
****
Unix operates with beer.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.