Date: Mon, 22 Jan 2007 19:32:58 -0600 From: Damian Wiest <dwiest@vailsys.com> To: "gs_stoller@juno.com" <gs_stoller@juno.com> Cc: pieter@degoeje.nl, George.Vanev@gmail.com, freebsd-questions@freebsd.org Subject: Re: Subject: Re: Execute script every time a specified user logs in (FreeB SD 6.1) Message-ID: <20070123013258.GF22569@dfwdamian.vail> In-Reply-To: <20070117.184525.20085.1692098@webmail29.nyc.untd.com> References: <20070117.184525.20085.1692098@webmail29.nyc.untd.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Jan 17, 2007, at 18:46 , George Vanev wrote: > > >> On 1/17/07, Pieter de Goeje <pieter@degoeje.nl> wrote: > >>> > >>> On Wednesday 17 January 2007 11:49, George Vanev wrote: > >>>> Every time user X (for example) logs in the system I want to execute some script. > >>>> The user must not have the permission to change this behavior. > >>>> Also the script must be run as root. > >>>> Something like crontab, but depending on logins, not time > >>>> > >>>> Any ideas?! > >>> If this user logs in via SSH you can use the ForceCommand keyword in > >>> sshd_config(5) to execute your script. The root part can be > >>> achieved with sudo(8) . > >>> > >>> Regards, > >>> Pieter de Goeje > >>> > >> > >> Thanks, nice idea. But it seems I can't use it. > >> Let me be more specific: > >> If user X logs in then I want to run "/usr/bin/script -aq /path/user_X" > >> The file user_X must be protected from modifying/deleting > >> > >> Could this be done?! > >> > >> -- > >> George Vanev > A simple technique is to have /etc/profile check for user X and for him > source another file (containing the commands which X can't modify). Have root > own this file and allow all others to only read and execute it. sudo is unnecessary. > This is inelegant in that it has a general and widely used file look for special cases, > but that is something that almost all programs do. This inelegancy is present in other > places in UNIX . FWIW if you're really feeling up to it you can simply craft your own shell for the user. You can write a short C program that forks a process, and call execve() with your script in the child, and then execve() with their desired shell in the parent. I'm probably mistaken about this, but I didn't think /etc/profile was necessarily executed should someone login via ssh. -Damian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070123013258.GF22569>