From: Damian Wiest
Date: Mon, 22 Jan 2007 19:32:58 -0600
To: "gs_stoller@juno.com"
Cc: pieter@degoeje.nl, George.Vanev@gmail.com, freebsd-questions@freebsd.org
Subject: Re: Subject: Re: Execute script every time a specified user logs in (FreeBSD 6.1)

> > On Jan 17, 2007, at 18:46 , George Vanev wrote:
> >
> >> On 1/17/07, Pieter de Goeje wrote:
> >>>
> >>> On Wednesday 17 January 2007 11:49, George Vanev wrote:
> >>>> Every time user X (for example) logs in the system I want to execute some script.
> >>>> The user must not have the permission to change this behavior.
> >>>> Also the script must be run as root.
> >>>> Something like crontab, but depending on logins, not time
> >>>>
> >>>> Any ideas?!
> >>> If this user logs in via SSH you can use the ForceCommand keyword in
> >>> sshd_config(5) to execute your script. The root part can be
> >>> achieved with sudo(8).
> >>>
> >>> Regards,
> >>> Pieter de Goeje
> >>>
> >>
> >> Thanks, nice idea. But it seems I can't use it.
> >> Let me be more specific:
> >> If user X logs in then I want to run "/usr/bin/script -aq /path/user_X"
> >> The file user_X must be protected from modifying/deleting
> >>
> >> Could this be done?!
> >>
> >> --
> >> George Vanev
> A simple technique is to have /etc/profile check for user X and for him
> source another file (containing the commands which X can't modify). Have root
> own this file and allow all others to only read and execute it. sudo is unnecessary.
> This is inelegant in that it has a general and widely used file look for special cases,
> but that is something that almost all programs do. This inelegancy is present in other
> places in UNIX.

FWIW if you're really feeling up to it you can simply craft your own
shell for the user. You can write a short C program that forks a
process, and calls execve() with your script in the child, and then
execve() with their desired shell in the parent.

I'm probably mistaken about this, but I didn't think /etc/profile was
necessarily executed should someone log in via ssh.

-Damian
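
The wrapper-shell idea from the reply above, as an added example that is not code from the thread: the child execs the hook, the parent becomes the real shell, and the hook is refused unless it is owned by the expected user and not group/world-writable, matching the root-owned file suggested in the quoted message. HOOK_PATH, REAL_SHELL, the function names, the fixed PATH and the waitpid() before the shell starts are assumptions of this sketch; the hook runs with the logging-in user's privileges, not as root.

```c
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>

#define HOOK_PATH  "/usr/local/libexec/login-hook"  /* hypothetical path */
#define REAL_SHELL "/bin/sh"                        /* assumed real shell */

extern char **environ;

/* 1 if path is a regular file owned by `owner` that group/other cannot write. */
int hook_is_trusted(const char *path, uid_t owner)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Fork, exec the hook in the child with a fixed environment, then reap it.
 * Returns the hook's exit status, or -1 if it was refused or died abnormally. */
int run_hook(const char *hook, uid_t owner)
{
    char *const argv[] = { (char *)hook, NULL };
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    int status;
    pid_t pid;

    if (!hook_is_trusted(hook, owner) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve(hook, argv, envp);
        _exit(127);                       /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const sh_argv[] = { "-sh", NULL };  /* leading '-' asks for a login shell */
    if (run_hook(HOOK_PATH, 0) < 0)           /* fail closed: no hook, no shell */
        return 1;
    execve(REAL_SHELL, sh_argv, environ);     /* parent becomes the user's shell */
    perror(REAL_SHELL);
    return 1;
}
```

The stat() check is only meaningful if every directory on the way to the hook is also root-owned and not writable by the user; otherwise the file can be swapped between the check and the execve().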