Old 05-27-2012, 07:03 AM   #1
rakrr786
Member
 
Registered: May 2012
Posts: 34

Rep: Reputation: Disabled
shell script to give root access to user for limited time?


Hi, I am a newbie and I need to write a shell script that will give root access to a user for some time and then take away the root permissions.

I am able to get the time stamp when the user logs in and also set some random password for it.

I want to know: is there a way to check that the user is logged in and then start the counter for, say, 3 hours when the user gets root access, so that after 3 hours the user will be automatically removed from the superuser group?
I am running RHEL 5.

Thanks in advance.

Last edited by rakrr786; 05-27-2012 at 07:11 AM. Reason: improved question
 
Old 05-27-2012, 07:41 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Quote:
Originally Posted by rakrr786
I am a newbie and I need to write a shell script that will give the root access
That is a highly questionable combination of things.


Quote:
Originally Posted by rakrr786
is there a way to check the user is logged in and
Parse /var/log/secure contents for username?
Parse 'last' information for the same?
Make pam_script or another PAM module perform some test on login?


Quote:
Originally Posted by rakrr786
then start the counter for say 3 hours
'echo doSomething|/usr/bin/at "now + 3 hours"'?


Quote:
Originally Posted by rakrr786
the user will be automatically removed from the superuser group
..yeah, but you don't realize that once a user gains root privileges all bets are off as root can modify about anything. Investigating limiting privileges via the use of Sudo would be a better start.
 
1 members found this post helpful.
Old 05-27-2012, 10:28 AM   #3
rakrr786
Member
 
Registered: May 2012
Posts: 34

Original Poster
Rep: Reputation: Disabled
Hi unSpawn,
actually I was not thinking of root privileges; I am using sudo to give limited access.

I have made a script that adds a user, sets a password and changes the groups. I was thinking of using the finger or who command to check if the user is logged in, but was not sure how to validate the condition and proceed further.

Well, thanks for the info. I will try and let you know the result.

Last edited by rakrr786; 05-27-2012 at 10:33 AM.
 
Old 05-27-2012, 06:32 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530
Quote:
Originally Posted by rakrr786
I have made a script
Post it?
 
Old 05-27-2012, 07:01 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
If you want to know if a user has or is logged in, try http://linux.die.net/man/1/last
 
1 members found this post helpful.
Old 05-29-2012, 08:02 AM   #6
rakrr786
Member
 
Registered: May 2012
Posts: 34

Original Poster
Rep: Reputation: Disabled
I am giving you the script I have done so far.

I am stuck on the condition below and I don't know how I can create it and parse to the counter.

#!/bin/bash

#useradd -G sysgrp $1
useradd $1
passwd=`date +%s | sha256sum | base64 | head -c 8`
echo "$passwd" > pass.txt
echo "$passwd" |passwd --stdin $1
usermod -G sysgrp $1
last $1 > test1.txt
E=`head -1 test1.txt | wc -m`
S=`expr $E - 18`
log=`cat /etc/test1.txt | head -1 |cut -c$S-$E`
echo $log $S
affirm=" still logged in "
echo $affirm
x="0"
while [ $x -lt 6 ]; do

    grep $affrim /etc/test1.txt

    if [ -a $affirm ]; then
        x="6"
        echo $x
        sleep $2m
        usermod -G sysgrp $1
    else
        x=`expr $x + 1`

        if [ $x -eq 6 ]; then
            sleep $2m
            usermod -G sysgrp $1
        else
            sleep 60s
        fi
    fi
done

Last edited by rakrr786; 05-29-2012 at 08:08 AM.
 
Old 05-29-2012, 08:25 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,109

Rep: Reputation: 2268
What is sleep $2m? Do you want to wait two minutes? Try sleep 2m. You should write grep "$affirm" /etc/test1.txt. Also, you can check the result immediately:
Code:
grep "$affirm" /etc/test1.txt >/dev/null 2>&1 && {
   # do what you want if found
   :   # no-op placeholder so the block is valid shell
}
But first, use [code][/code] to keep formatting.

(And also remember, if you give someone general root access for a few minutes he will steal it and use it as he wants.)
 
Old 05-29-2012, 09:09 AM   #8
rakrr786
Member
 
Registered: May 2012
Posts: 34

Original Poster
Rep: Reputation: Disabled
I have to pass the time manually, so I thought I could pass a variable.
 
Old 05-29-2012, 08:07 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Actually, you supply the passwd in plaintext in that cmd or (possibly better) use http://linux.die.net/man/8/chpasswd.

What I don't understand is why you are even doing the login check. If this script is creating the user & setting the passwd, there's no way the user can have logged in that fast, especially if you don't tell him the passwd until after this script has created him ...
 
Old 05-31-2012, 01:08 AM   #10
rakrr786
Member
 
Registered: May 2012
Posts: 34

Original Poster
Rep: Reputation: Disabled
Well, I am sending the user password through mail,
and thanks for all your help, guys.
I have made the script.

Last edited by rakrr786; 05-31-2012 at 01:12 AM.
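
A sketch of the approach suggested in posts #2 and #7, added here and not taken from any poster's script: look for an open session in `last` output, then grant the group and queue its removal with `at`. The account `tempadm`, the function names and the `DRY_RUN` switch are assumptions; `sysgrp` is the group name from post #6.

```bash
#!/bin/bash
# Added example, not the thread's code. "sysgrp" is the thread's group name;
# the function names, DRY_RUN and the account "tempadm" are assumptions.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = run them (needs root)

# Read `last` output on stdin; succeed if <user> has a session still open.
# `last` prints at most 8 characters of the name, so compare that prefix.
is_logged_in() {
    awk -v u="$1" '$1 == substr(u, 1, 8) && /still logged in[ \t]*$/ { found = 1 }
                   END { exit !found }'
}

# Names and the minute count end up in a command line handed to at(1):
# accept only plain account/group names and a count between 1 and 9999.
valid_name() {
    case $1 in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 31 ]
}
valid_minutes() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 4 ]
}

# The command that undoes the grant.
revoke_cmd() { printf 'gpasswd -d %s %s\n' "$1" "$2"; }

# grant_window <user> <group> <minutes>: add the user to the group now and
# queue the removal with at(1), so the timer survives this script exiting.
grant_window() {
    valid_name "$1" && valid_name "$2" && valid_minutes "$3" ||
        { echo "invalid user, group or minutes" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "gpasswd -a $1 $2"
        echo "echo '$(revoke_cmd "$1" "$2")' | at now + $3 minutes"
    else
        gpasswd -a "$1" "$2" && revoke_cmd "$1" "$2" | at "now + $3 minutes"
    fi
}

# Constructed sample of `last` output (documentation addresses).
SAMPLE_LAST='tempadm  pts/1        192.0.2.10       Tue May 29 08:00   still logged in
tempadm  pts/0        192.0.2.10       Mon May 28 09:12 - 09:40  (00:28)
alice    pts/2        192.0.2.11       Tue May 29 07:55 - 08:01  (00:06)'

# Dry run: start the 3-hour window only once the account has logged in.
if printf '%s\n' "$SAMPLE_LAST" | is_logged_in tempadm; then
    grant_window tempadm sysgrp 180
fi
```

The queued `gpasswd -d` changes the group database only; a root shell already opened during the window keeps running, which is the caveat raised in post #2.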
 
  


All times are GMT -5.