LinuxQuestions.org


rakrr786 05-27-2012 06:03 AM

shell script to give root access to user for limited time?
 
Hi, I am a newbie and I need to write a shell script that will give root access to a user for some time and then take away the root permissions.

I am able to get the time stamp when the user logs in and also set some random password for it.

I want to know: is there a way to check that the user is logged in and then start the counter for, say, 3 hours when the user gets the root access, so that after 3 hours the user will be automatically removed from the superuser group?
I am running RHEL 5.

Thanks in advance.

unSpawn 05-27-2012 06:41 AM

Quote:

Originally Posted by rakrr786 (Post 4688643)
I am a newbie and I need to write a shell script that will give root access

That is a highly questionable combination of things.


Quote:

Originally Posted by rakrr786 (Post 4688643)
is there a way to check the user is logged in and

Parse /var/log/secure contents for username?
Parse 'last' information for the same?
Make pam_script or another PAM module perform some test on login?


Quote:

Originally Posted by rakrr786 (Post 4688643)
then start the counter for say 3 hours

'echo doSomething|/usr/bin/at "now + 3 hours"'?


Quote:

Originally Posted by rakrr786 (Post 4688643)
the user will be automatically removed from the superuser group

..yeah, but you don't realize that once a user gains root privileges all bets are off as root can modify about anything. Investigating limiting privileges via the use of Sudo would be a better start.

rakrr786 05-27-2012 09:28 AM

Hi unSpawn,
Actually I was not thinking of root privileges; I am using sudo to give limited access.

I have made a script that adds the user, sets the password and changes the groups. I was thinking of using the finger or who command to check if the user is logged in, but was not sure how to validate the condition and proceed further.

Well, thanks for the info. I will try and let you know the result.

unSpawn 05-27-2012 05:32 PM

Quote:

Originally Posted by rakrr786 (Post 4688752)
I have made a script

Post it?

chrism01 05-27-2012 06:01 PM

If you want to know if a user has or is logged in, try http://linux.die.net/man/1/last

rakrr786 05-29-2012 07:02 AM

I am giving you the script I have done so far.

I am stuck on the condition below and I don't know how I can create it and parse it to the counter.

#!/bin/bash

#useradd -G sysgrp $1
useradd $1
passwd=`date +%s | sha256sum | base64 | head -c 8`
echo "$passwd" > pass.txt
echo "$passwd" |passwd --stdin $1
usermod -G sysgrp $1
last $1 > test1.txt
E=`head -1 test1.txt | wc -m`
S=`expr $E - 18`
log=`cat /etc/test1.txt | head -1 |cut -c$S-$E`
echo $log $S
affirm=" still logged in "
echo $affirm
x="0"
while [ $x -lt 6 ]; do

grep $affrim /etc/test1.txt

if [ -a $affirm ]; then
x="6"
echo $x
sleep $2m
usermod -G sysgrp $1


else
x=`expr $x + 1`

if [ $x -eq 6 ]; then

sleep $2m
usermod -G sysgrp $1
else
sleep 60s

fi
fi
done

pan64 05-29-2012 07:25 AM

What is sleep $2m? Do you want to wait two minutes? Try sleep 2m. You should write grep "$affirm" /etc/test1.txt. Also, you can check the result immediately:
Code:

grep "$affirm" /etc/test1.txt >/dev/null 2>&1 && {
  : # do what you want if found (":" keeps the otherwise empty block valid)
}

but first, use [code][/code] to keep formatting.

(And also remember: if you give someone general root access for a few minutes, he will steal it and use it as he wants.)

rakrr786 05-29-2012 08:09 AM

I have to pass the time manually, so I thought I could pass a variable.

chrism01 05-29-2012 07:07 PM

Actually, you supply the passwd in plaintext in that cmd or (possibly better) use http://linux.die.net/man/8/chpasswd.

What I don't understand is why you are even doing the login check. If this script is creating the user & setting the passwd, there's no way the user can have logged in that fast, especially if you don't tell him the passwd until after this script has created him ...
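
The approach the replies point toward (schedule the revocation with at instead of polling last in a sleep loop), as an added example that is not code from any poster in this thread. It assumes the thread's sysgrp group already has a restricted sudoers rule and that atd is running; the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: time-limited membership of a sudo-enabled group, revoked by at(1).
# Assumptions: the group (e.g. the thread's "sysgrp") already has a restricted
# sudoers rule, atd is running, and the functions are called as root.
# Set DRY_RUN=1 to print the commands instead of executing them.

valid_name() {  # conservative account/group name check; rejects shell metacharacters
  case "$1" in
    ''|-*|*[!a-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

valid_minutes() {  # positive integer, at most 24 hours
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 1440 ]
}

revoke_cmd() {  # the command at(1) runs when the window closes
  printf 'gpasswd -d %s %s\n' "$1" "$2"
}

run() {  # execute a command, or only print it when DRY_RUN=1
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

grant_temp() {  # usage: grant_temp USER GROUP MINUTES
  user=$1 group=$2 minutes=$3
  valid_name "$user"  || { echo "bad user name" >&2; return 2; }
  valid_name "$group" || { echo "bad group name" >&2; return 2; }
  valid_minutes "$minutes" || { echo "bad duration" >&2; return 2; }
  # Schedule the revocation first, so a failure never leaves access open-ended.
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'echo "%s" | at now + %s minutes\n' "$(revoke_cmd "$user" "$group")" "$minutes"
  else
    revoke_cmd "$user" "$group" | at now + "$minutes" minutes || return 1
  fi
  # -a appends to the supplementary groups; plain -G would replace them.
  run usermod -a -G "$group" "$user"
}

# Example call: DRY_RUN=1; grant_temp alice sysgrp 180
```

This only makes sense when the group maps to a restricted sudoers rule; as the replies note, a user who holds unrestricted root for any period can make the access permanent.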

rakrr786 05-31-2012 12:08 AM

Well, I am sending the user password through mail,
and thanks for all your help, guys.
I have made the script
:)


All times are GMT -5.