
Re: Scripting Challenge

Patrick Wallek
Honored Contributor

Scripting Challenge

Howdy Everyone,

I have a scripting problem that I can't quite get solved.

We have an MC/SG environment and I need a script that I can run when users log in that will somehow determine the MC/SG package they are telnet'ing and based on the package set some environment variables for their session.

I have written a script that generally works, but the problem I am having is that this must also work if a user uses 'su' to switch to a different user.

Any and all suggestions welcome!
Mark Grant
Honored Contributor

Re: Scripting Challenge

Patrick,

It was all going so well until your last sentence. It must work with "su". I take it you mean that we can't guarantee .profile is going to get run?
Never precede any demonstration with anything more predictive than "watch this"
TSaliba
Trusted Contributor

Re: Scripting Challenge

Hi,
I think you tried "su user"; if yes, try the following:

su - user
jj
Pete Randall
Outstanding Contributor

Re: Scripting Challenge

Patrick,

How about replacing "su" with a script that invokes the real "su" - with the - option?


Pete
Jean-Luc Oudart
Honored Contributor

Re: Scripting Challenge

Not sure about the issue.

Are you trying to figure out who the user is originally?
whoami vs who am i?

Rgds,
JL
fiat lux
Elmar P. Kolkman
Honored Contributor
Solution

Re: Scripting Challenge

When telnetting, it is doable by using the tty, which relates to a telnetd, which could be related to an lsof, which gives the IP address the connection was to. This is a safer method than using who -R and using the from address to find the to address in netstat, because a user could open several sessions from the same host.
pid=$(ps -t$(tty |sed 's|/dev/||') | grep telnetd | awk '{print $1}')
[ -n "$pid" ] && lsof -p $pid | grep TCP | sed 's|^.*>\(.*\):.*$|\1|' | uniq

But with the su, I'm not sure I understand what you want. If you want the same effect as with the telnetting, it would work here too.

Another way, which we use, is give users a homedirectory in the package. Then it is easy to do. But this only works if a user is package specific. Which is apparently not your case.

Hope this helps you solve the problem.
Every problem has at least one solution. Only some solutions are harder to find.
Chris Wilshaw
Honored Contributor

Re: Scripting Challenge

For su, you can use ps to find out who's using the pty;

# ps -t `basename \`tty\`` -ouser

USER
root
cw16791n
root

If more than 2 entries are returned, you know that it's the USER header, the original id and any su id.

Chris.
Patrick Wallek
Honored Contributor

Re: Scripting Challenge

OK, sorry folks. When I said "must also work if a user uses su..." I did mean that they would use 'su - username' to switch users.

My big problem, even with 'su - user' is how do you tell what package name / IP they connected to originally?
Steve Lewis
Honored Contributor

Re: Scripting Challenge

I would use `logname` or $LOGNAME.

e.g.

$ id
uid=222(dba) gid=201(...)
$ su informix
Password:
$ echo $LOGNAME
dba
$ echo `logname`
dba
$ exit
$ su - informix
Password:
...
$ echo $LOGNAME
dba
$ echo `logname`
dba

A. Clay Stephenson
Acclaimed Contributor

Re: Scripting Challenge

A rather easy answer is to set up an alias for su that is actually su='su - '.

If it ain't broke, I can fix that.
Mark Grant
Honored Contributor

Re: Scripting Challenge

Thinking about it, I do not think it's possible like this. The ip you connected to is just not available anywhere. Even if you wrote your own telnetd and listened on the port yourself, you still wouldn't be able to tell what ip address they connected to. Maybe some tcp/ip sniffer could read the packet headers to get the destination address but I don't think that is going to be a script.

Never precede any demonstration with anything more predictive than "watch this"
Ralph Grothe
Honored Contributor

Re: Scripting Challenge

I'm not sure if this is of any help?

You can track the PID of the login shell that issued the "su - someone" by putting something like this in .profile

ORIG_SHELL=$(UNIX95= ps -o ppid= -p $$)

With this PID you could further track the associated pseudo terminal and try to match with output from "who -u".

If you have lsof on the box I guess you could even track down the sockets used by the telnetd that served the login which uses the pty.
Madness, thy name is system administration
Ralph Grothe
Honored Contributor

Re: Scripting Challenge

I think even if you lack lsof there is some hope.
At least you could narrow possible telnet sockets by parsing netstat with something like

# netstat -anfinet|awk '$4~/\.23$/{print$5}'

will list foreign IPs of telnet sockets.
The least we know is the port they connected through.
netstat also gives the local IPs, which are the 4th column and should correspond to your MC/SG packages' IPs.
Madness, thy name is system administration
Mark Greene_1
Honored Contributor

Re: Scripting Challenge

who -um will return the IP address of the client telnet connection, even if you su or su -

mark
the future will be a lot like now, only later
Patrick Wallek
Honored Contributor

Re: Scripting Challenge

Elmar's trick got me going in the right direction. His code snippets produced the machine that the telnet was originating from, but it was fairly simple to get the address that the telnet was going to from the lsof output.

I wound up doing this to get the package name the user telnet'ed to (and this still worked when the user did a 'su - username' to switch user):

PID=$(ps -t $(tty |sed 's|/dev/||') | grep telnetd | awk '{print $1}')

TOPACKAGE=$([ -n "$PID" ] && /usr/local/bin/lsof -p $PID | grep TCP | awk '{print $9}' | awk -F : '{print $1}' | awk -F . '{print $1}' | uniq)

The last 3 awk statements are my crude way of getting the name of the package (without the domain name) the user telnet'ed to. I'm sure there is a better way to do it, but this works for me.

Man I LOVE these forums.
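
The tty to telnetd to lsof lookup from this thread, written as an added example that is not part of any poster's message: it pulls the local side of the lsof NAME field (local:port->remote:port) in one awk pass, keeps a numeric address whole, and only sets variables for names on an allow-list. The package names pkgora and pkginf, the APP_ENV variable and the sample lsof lines are constructed for illustration, and lsof is assumed to be on the PATH.

```shell
#!/bin/sh
# Constructed sample of `lsof -p <telnetd pid>` output (not from a real host).
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
telnetd 4242 root cwd  DIR 64,0x3     1024    2 /
telnetd 4242 root  0u IPv4 0x4a1f      0t0  TCP pkgora.example.com:telnet->client7.example.com:51234 (ESTABLISHED)
telnetd 4242 root  1u IPv4 0x4a1f      0t0  TCP pkgora.example.com:telnet->client7.example.com:51234 (ESTABLISHED)
EOF
}

# Read lsof output on stdin and print the local end of the first connected
# TCP socket: the short host name, or the whole address if it is numeric.
local_endpoint() {
    awk '$8 == "TCP" && $9 ~ /->/ {
        split($9, ends, "->")        # ends[1] = local side, ends[2] = remote side
        sub(/:[^:]*$/, "", ends[1])  # drop the trailing :port
        if (ends[1] ~ /^[0-9.]+$/) { print ends[1]; exit }
        split(ends[1], labels, ".")  # keep only the first DNS label
        print labels[1]; exit
    }'
}

# Map a derived name to session settings (hypothetical names and variable).
# Anything not listed sets nothing, so a name taken from connection data
# never reaches the environment unchecked.
package_env() {
    case "$1" in
        pkgora) echo "APP_ENV=oracle" ;;
        pkginf) echo "APP_ENV=informix" ;;
        *) return 1 ;;
    esac
}

# Live lookup for the current terminal, following the thread's approach:
# find the telnetd on this tty, then ask lsof for its sockets.
session_package() {
    term=$(tty) || return 1
    pid=$(ps -t "${term#/dev/}" | awk '/telnetd/ {print $1; exit}')
    [ -n "$pid" ] || return 1
    lsof -p "$pid" | local_endpoint
}

# Demonstration on the constructed sample.
package_env "$(sample_lsof | local_endpoint)"
```

In a login script the live call would be `pkg=$(session_package)` followed by `package_env "$pkg"`, exporting the result only when that command succeeds.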
Elmar P. Kolkman
Honored Contributor

Re: Scripting Challenge

I realized I got the wrong IP address from the lsof output the moment I left the building here... Sorry.
I was thinking about calling someone to put it right (and score some points) but thought you would be able to do this too.

Happy it solved your problem.
Every problem has at least one solution. Only some solutions are harder to find.