execute with privileges a particular script at login time
 

I would like that when a certain unprivileged user logs in either the console or ssh, instead of /bin/bash, a special command was executed with privileges:

The purpose is for this user to see a segregated network stack.

I tried to put this is the correspondent entry in /etc/passwd, but that did not work.

I could try and put it in bashrc, but at that point the shell has already been launched and this would launch a new shell, plus I would need to solve the problem of how to give this unprivileged user the right to run this command, which I do not know how to do either.

Is there a way to do that?

Thanks a lot

There are two ways depending on how locked down it must be.

If it ok that the people logging in have access to the script, you can put it in ~/.ssh/rc on the server in their account(s) and make sure to enable PermitUserRC in sshd_config.

If the people logging in should not have write access to the script, the easy way is to call it from /etc/ssh/sshrc

See the manual page in the section "SSHRC" for details.

As far as I know, you'll have the following environment variables available to the script. For group, you'd have to calculate that from $LOGNAME or $USER

LOGNAME
HOME
SSH_TTY
MAIL
SSH_CLIENT
PATH
SHELL
TERM
SSH_CONNECTION
USER

So you could make a case statement matching accounts that need customized scripts.

Or you could use ForceCommand either on the server's configuration or in the SSH key used to log into the server in ~/.ssh/authorized_keys. Again, see

but in the section "AUTHORIZED_KEYS FILE FORMAT"

Thanks for your suggestions. I will try.

Does this work automatically also when logging directly from the console?

The console is actually more important than ssh for me now.

Thanks

The above only works with logins via SSH.

"sudo - You're Doing it wrong"