I have a program that grabs info from the database and displays it. I created a new user account. The only function of this user account is to execute that program automatically when someone logs in with this account through ssh. If the program ends or if the user quits the program, the user should be logged out of ssh too. Basically, I don't want people to have shell access but just to run this program. How would I accomplish this?
You could set the ~/.bash_profile for the userid to something like:
Code:
function Cleanup_And_Exit_On_Interrupt () {
    logout
}
trap Cleanup_And_Exit_On_Interrupt INT
trap Cleanup_And_Exit_On_Interrupt HUP
trap Cleanup_And_Exit_On_Interrupt QUIT
trap Cleanup_And_Exit_On_Interrupt USR1
trap Cleanup_And_Exit_On_Interrupt TERM
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
someprogram
exit
You could also set their shell to a script that just runs the program and logs out.
Last edited by macemoneta; 05-26-2006 at 01:07 PM.
You could also set up ssh to require pubkey authentication and then use "forced commands" specified in the user's authorized_keys2 file. But macemoneta's suggestion is probably simpler and easier to understand. You could also just set up "/path/to/someprogram" as the shell for the restricted user. Double verify there are no shell escapes in someprogram!!!
Something like this in /etc/passwd:
Code:
username:x:1000:1000:User name and phone number:/dev/null:/path/to/someprogram
I'm not sure if you can specify /dev/null as a user's HOME directory. Never tried that. Sounds like a good idea to try, if it works!
Thanks haertig, modifying /etc/passwd worked. Is there any way to prevent the user from killing the program with Ctrl-C??
If you're wanting to do this for security reasons, don't bother. Once that program exits, for any reason - normal exit, ctrl-c, etc., - they are logged off. That's why we put it into /etc/passwd as their shell. Normally, a user has a regular shell defined in /etc/passwd, bash is typical for Linux, and when they exit a program they are dropped back into their shell.
But if the program IS their shell, there's nowhere to drop back to, so they are logged off. Nice and secure.
p.s. - Even though this is exactly what I told you to do, it is generally considered a no-no to manually edit your /etc/passwd file. This is because if you screw up your editing and corrupt the file, you may lock yourself out of your system. It's always good to have Knoppix or another LiveCD handy to boot with should you need to save yourself from an editing mistake in a critical file such as this.
That being said, I edit important system files manually all the time. /etc/inittab, /etc/fstab, /etc/X11/xorg.conf, ... etc. I've got backups, and LiveCDs are kept handy for recovery.
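An added example, not part of the thread: a program set as the login shell (or a forced command) only controls what runs in the session, while TCP, agent and X11 forwarding are granted by sshd itself, so the account's effective sshd settings are worth checking too. The sketch below reads the "keyword value" listing that `sshd -T -C user=username` prints; the function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Input: "keyword value" lines as
# printed by `sshd -T -C user=NAME` (keywords are lowercase in that output).

# Print a FINDING for every forwarding channel sshd would still grant the
# account; return 0 when there are none, 1 otherwise.
audit_restricted_account() {
    awk '
        function finding(msg) { print "FINDING: " msg " is enabled"; bad = 1 }
        { key = tolower($1); val = tolower($2) }
        key == "allowtcpforwarding"         && val != "no" { finding("AllowTcpForwarding") }
        key == "allowstreamlocalforwarding" && val != "no" { finding("AllowStreamLocalForwarding") }
        key == "allowagentforwarding"       && val != "no" { finding("AllowAgentForwarding") }
        key == "x11forwarding"              && val != "no" { finding("X11Forwarding") }
        key == "permittunnel"               && val != "no" { finding("PermitTunnel") }
        key == "forcecommand" && val == "none" {
            print "NOTE: no ForceCommand; only the /etc/passwd shell limits the account"
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: forwarding left enabled for the account.
sample_open() {
    cat <<'EOF'
allowtcpforwarding yes
allowstreamlocalforwarding yes
allowagentforwarding yes
x11forwarding no
permittunnel no
forcecommand none
EOF
}

# Constructed sample: forwarding disabled and a forced command in place.
sample_hardened() {
    cat <<'EOF'
allowtcpforwarding no
allowstreamlocalforwarding no
allowagentforwarding no
x11forwarding no
permittunnel no
forcecommand /path/to/someprogram
EOF
}

sample_open | audit_restricted_account || echo "=> forwarding still available"
sample_hardened | audit_restricted_account && echo "=> no forwarding channels enabled"
```

Findings are cleared by setting the named keywords to `no` for that user in sshd_config, for example inside a `Match User` block.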