shell script to give root access to user for limited time?
Hi i am a newbee and i need to write a shell script that will give the root access to user for some time and then
take away the root permissions i am able to get the time stamp when the user logs in and also set some random password for it i want to know is there a way to check the user is logged in and then start the counter for say 3 hours when the user gets the root access and after 3 hours the user will be automatically removed from the superuser group i am running rhel 5 thanks in advance |
Quote:
Quote:
Parse 'last' information for the same? Make pam_script or another PAM module perform some test on login? Quote:
Quote:
|
hi unspawn
actually i was not thinking of root privilages i am using sudo to give limited access i have made a script that add user set password and change the groups i was thinking of using the finger or who command to check if the user is logged in but was not sure how to validate the condition and proceed further well thanks for the info i will try and let u know the result |
Quote:
|
If you want to know if a user has or is logged in, try http://linux.die.net/man/1/last
|
i am giving u script i have done so far
i am stuck on the condition below n i dont know hw i can create it and parse to the counter #!/bin/bash #useradd -G sysgrp $1 useradd $1 passwd=`date +%s | sha256sum | base64 | head -c 8` echo "$passwd" > pass.txt echo "$passwd" |passwd --stdin $1 usermod -G sysgrp $1 last $1 > test1.txt E=`head -1 test1.txt | wc -m` S=`expr $E - 18` log=`cat /etc/test1.txt | head -1 |cut -c$S-$E` echo $log $S affirm=" still logged in " echo $affirm x="0" while [ $x -lt 6 ]; do grep $affrim /etc/test1.txt if [ -a $affirm ]; then x="6" echo $x sleep $2m usermod -G sysgrp $1 else x=`expr $x + 1` if [ $x -eq 6 ]; then sleep $2m usermod -G sysgrp $1 else sleep 60s fi fi done |
what is sleep $2m? do you want to wait two minutes? try sleep 2m. you should write grep "$affirm" /etc/test1.txt. Also you can check the result immediately:
Code:
grep "$affirm" /etc/test1.txt >/dev/null 2>&1 && { (and also remember, if you give someone general root access for a few minutes he will steal it and use as he wants. |
i have to pass the time manually so i thought i could pass a variable
|
Actually, you supply the passwd in plaintext in that cmd or (possibly better) use http://linux.die.net/man/8/chpasswd.
What I don't understand is why you are even doing the login check. If this script is creating the user & setting the passwd, there's no way the user can have logged in that fast, especially if you don't tell him the passwd until after this script has created him ... |
well i am sending the user password though mail
and thnaks for all ur help guys i have made the script :) |
All times are GMT -5. The time now is 10:42 PM. |