How do i make a autorun usb that executes a shell script that is on the USB drive? This would be only for my system so if there is something i have to enable, no problem (i imagine something like this would be disabled for security reasons)

I believe the shell used would be either ash

Thanks

Don't think that's possible. That's one of the reasons Linux is secure.
A question like this makes me wonder what your intent is.

Are you talking about an autorun functionality inside a desktop environment or, perhaps, at boot time?

my thoughts:
- you create an udev rule on the PC (see the net for it)
- this rule, when recognizing an USB with label=ABCD_XX, then it could start the
skript_of_usb.sh on it with root
I never has done it; but could imagine it runs.
I have only created a udev rule until now, detecting a usb modem xxx:yyy, then starting usb_modeswitch with the parameters adapted to the xxx:yyy (other usbs would not be recognized).

1 members found this post helpful.

I know of no way to do it as one does it with Windows. All sorts of issues prevent it in linux.

On top of that is the ash shell. Who has that?

Which ones would that be?


I have but then again I run Heirloom, Dash and other shells as well: "The ash shell is a clone of Berkeley's Bourne shell (sh). Ash supports all of the standard sh shell commands, but is considerably smaller than sh. The ash shell lacks some Bourne shell features (for example, command-line histories), but it uses a lot less memory. You should install ash if you need a lightweight shell with many of the same capabilities as the sh shell."


I'm sure Udev rules should work but I agree it is not a feature one would want or need: Linux autorun vulnerabilities? (2011).

I see my error. I assumed it was to be for any computer. My post was incorrect.

I get it now. At some event like mount or hotplug event you want some script to run some file or such that is on the usb. So you'd need to select some reportable action, then use some way to test for that action, then run script. If not a test for action some action that is modified.

let me explain a bit of the situation as i see a lot of people are having security woes....


im setting up a embedded ARM Linux router (similar to DD-WRT devices) running ash. This is to be used as a OpenVPN client which connects to (say) 123.123.123.123 I (my company) preconfiguures the router and send it off to the client installed. I have the OpenVPN connection BUT what if my 123.123.123.123 server changes to another ip? thats where all of this comes in: I simply send a shell script, tell him to put it on the usb, tell him to plug it into his router, and the ip autoreplaces it in the openvpn client configuration updating the router without have the client to do anything except download the shell from his email and put it on the usb

thats why security is fully controlled by me


now, on to doubts....


I actually tried to create a udev rule but it does not work. a simple one that just does a "touch" on a file where i (and anyone) can write and permissions are correct. i also have the problem that i do not know the usb device the other end has so vender/product id/label does not work for me. it has to autorun all usb devices that are mass storage.


well it is a factory so security on there isnt something top notch on priorities; we do not intent to make their system more secure, just provide a solution.

another options is using crontab to run script 1 which is on the device every minute or so

i would run script 1 similar to this every minute or so (pseudocode)

if /tmp/media/sda1 exists or /tmp/media/sda2 exists or /tmp/media/sda3 exists or /tmp/media/sda4 exists
then do
variable storage=what ever above first returns true (lets say /tmp/media/sda3)
//storage=/tmp/media/sda3
if storage+"/"+.runmescript exist
then do
./runmescript
end if
end if

which ive made more or less into this (still need help)


if [ '/tmp/media/sda1' exists ] || [ '/tmp/media/sda2' exists ] || [ = '/tmp/media/sda3' exists ] || [ '/tmp/media/sda4' exists]
then
$theonethatexists = theonethatreturnedtrueabove
if [ -f $theonethatexists+'/'+'.runmescript' ]
then
./$theonethatexists+'/'+'.runmescript'
fi
else
echo "Error: File Not Found";
fi


.runmescript would be this pseudocode:

$variable=182.34.145.125
load /etc/someconf
search for "dot=123.123.123.123" in /etc/someconf
replace "123.123.123.123" with $variable
save
reboot device

Also the udev rule that I had that did not work is this:

ACTION=="add",SUBSYSTEM=="usb_device",SYSFS{idVendor}=="090c",SYSFS{idProduct}="1000",RUN+="/home/admin/runme.sh"


it was placed in

/etc/udev/rules.d/10-my_autorun.rules

and yes, both files have permissions

And runme.sh was:

#!/bin/ash
echo "Hello world"
touch /me

1 members found this post helpful.

I think the crontab script is better and these device are only used for OpenVPN connections. They dont have a huge workload that would cause lag because crontab is running a script every minute.

You could resort to another approach which, I guess, should work fine: an inotify-based daemon C program.
You can use the inotify system to monitor the directory where USB mass storage devices are mounted (if they're not automounted upon insertion then a custom udev rule for that could be useful) and, upon being awakened by a mount event inside that directory, you could check for the existence of your script inside one of the subdirectories and execute it if needed.
Given that inotify provides file descriptors to be read by the read() system call, I guess the daemon process would just sleep most of the time.

seems the inotify liberary is not avaliable (or at least I do not find it). Remember this is a embedded small ARM based router.

inotify support should be enabled in the kernel and, from userspace, you'd need this library to use it.

Is this library compatible with the ARM instruction set? And this kernel is not built from me. The kernel is:

Linux 2.6.36 #1 Thu May 24 18:41:45 CEST 2012 ppc GNU/Linux

I perfer the crontab method as it is more univeral and I can move it a lot easier without relying on libraries and a C program/interpreter. The only thing is that I dont know how to write the script.