HPE Community
Operating System - HP-UX
1826004 Members
3387 Online
109690 Solutions
New Discussion

Script access control

 
Khashru
Valued Contributor

‎02-08-2006 01:01 PM

‎02-08-2006 01:01 PM

Script access control

Hi,

I am creating a script that will be used by help desk person to change password. I want that they can only type p for password change. if they type something else it will echo it and will be in the loop so the user donnot need to login again.
0 Kudos
Reply
5 REPLIES 5
Ivan Ferreira
Honored Contributor

‎02-08-2006 02:17 PM

‎02-08-2006 02:17 PM

Re: Script access control

You can use something like this:

getoption() {
echo "Enter p to change a user's password or press q to finish"
read OPTION
}

getoption

while [ $OPTION != "q" ]; do
case $OPTION in
p)
echo "Enter user name"
read USER
passwd $USER
;;
*)
echo $OPTION
;;
esac
getoption
done
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Khashru
Valued Contributor

‎02-08-2006 02:24 PM

‎02-08-2006 02:24 PM

Re: Script access control

Yes thats ok but i donot want the user to get the shell. ie i donot want him to exit from the program. he can only use p for password change. If he press something else it will again ask him for passwd change for other person.
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

‎02-08-2006 04:06 PM

‎02-08-2006 04:06 PM

Re: Script access control

Edit the user's profile, add the path to the this script in the profile, if the file is called for example /usr/local/sbin/changepwd.sh, add to the user's profile:

# Avoid cancel of the script
stty dsusp undef eof undef eol undef eol2 undef discard undef \
status undef intr undef kill undef lnext undef quit undef reprint undef \
start undef stop undef susp undef werase undef
# Start the script
/usr/local/sbin/changepwd.sh
# Do not allow access to the shell
exit

So, the user won't have access to the shell. When the users logon, the script will start, when he press "q", the exit command will be run and will logout from the system.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Khashru
Valued Contributor

‎02-08-2006 05:22 PM

‎02-08-2006 05:22 PM

Re: Script access control

I will try that tomorrow.
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎02-08-2006 05:36 PM

‎02-08-2006 05:36 PM

Re: Script access control

However, If we add the script with /etc/profile or $HOME/.profile the user is still allowed to use the signal's as ctrl+c or ctrl+d. Which can not be trapped. Better use the script execution as,

nohup passwdscript

which will trap those signal's too.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.