Hi There,

Can any one suggest me to make a user more secure for my requirment.

My Requirement :

When a user (ABC) conects to the system through telnet, a script will
be executed. Where its initiated on ".bashrc" file of the user "/home/ABC".

Now if the user ABC press "Ctrl + c" the script ends where he can access
the system for all purpose. But my requirement is, when the user ABC
terminates the script then the telnet session should be disconnected.

Already i have raised my query before a month, but i din't get a solution.

Hope now some one can help me.

Thanks and Regards,
Bharani

If whatever your script does doesn't background itself (ie, it executes and doesn't let the bashrc to continue to be interpreted until it is finished) then just exec logout as the next command after the script runs.

Oh ya... and I have to give you the obligatory "telnet is inherently insecure, you probably want to use ssh instead" warning.

Hi jtshaw,

Thankyou for your reply, But i din't understand your point.

My Script is below.

#!/bin/bash
echo "Do you want to work ?"
echo "If YES-1 or NO-2"
read cho
if [ $cho -eq 1 ]
then
"DO THE GIVEN PROCESS"
if [ $cho -eq 2 ]
then
"THE USER SHOULD BE TERMINATED"
else
"THE USER SHOULD BE TERMINATED"
fi
fi

Kindly guide me with this example.

Thanks
Bharani

Edit: I just tested this... works better without the execs.....

Ok... here is another little example I threw together...

Any of this help at all?

Thanks Buddy,

But when i execute your second script, got a following error message.

/usr/bin/login_script: line 18: logout: not login shell: use `exit'


But even when using this script, if the user press Ctrl+c then the script gets
terminated and user can access the system. right .

What can be done for this issue ? Kindly help me.

Any way i Thank you for your reply.

Im not sure I understand what you are trying to do?


do you actally want to be able to do anyting under telnet?

if so, who and what?

is there any good reason you cant use ssh instead?

if so, why not juse use ssh, and disable telnet?

My requirement is to make the system as a simple proxy server, using which it should
connects to our main proxy server and does the process of files downloading
and uploading.

In this scenario we create a new user in the SPS (Simple Proxy Server) and by using it
we access the MPS (Main Proxy Server) for which only one user login is provided.

So if we provide the user name and passwd of SPS to a particular user then he can access
all the contents of the system, for which i have gone to this tunnel of making the process
using scripting so that the user can only be able to do the particular process.

Can you tell me what is the difference between a normal "telnet" and "ssh"
know as secured access but not more than that.

Is there any more options on this ssh, please guide me.

As far as I know (and I'm no expert on this) there is no way to catch signals (ctrl-C is a signal) with a bash script. If you were having it execute a C application I could help you there.

To get ride of that error, change logout to exit... other then that I'm not sure where to go from here.

Anyway Thankyou....

Hope any one can help :-)

You definitely want to start this user, not under an unlimited shell (like bash), but under a restricted shell ... one that will execute a certain command and then log out, never allowing the user access to an unrestricted command-prompt.

I suggest that you start with man bash, which describes the restricted-shell features that are available in bash.

As jtshaw correctly mentions, "Control+C is a signal," and there is extensive discussion of signals in the aforementioned man-page. (See also man 7 signal for a list of signals, their acronyms, and what causes them to occur. For example, Control+C is, SIGINT. Execute the command "stty -a" for a complete list of which control-charcters do what... (The stty command can also redefine those settings or remove their special actions.)

It is also useful to know that any program can be specified as the user's "shell." When the user successfully completes login, the specified shell-program is executed and that program is "the user's session."

For instance, the /sbin/nologin program exists to print a message that "this account is currently not available" and then exit. If this program is specified as the shell of certain accounts, then it effectively prevents login to these accounts because it is "the shell" and because it does nothing.

It is also possible to set up "kiosk-type services" by modifying the /etc/inittab This is the file that actually tells Linux to start the program which prompts for your login. If you want a totally-dedicated service to run on one of your serial-lines, i.e. no concept of "logging in" as far as Linux is concerned, you can use this mechanism to start your program and to arrange for it to be constantly "re-spawned" each time it dies.

So there really are a variety of options available to you. You can set up your system to be just as restrictive as you want.

can't you just right a small program up and then put it as his shell in /etc/passwd.

This way when he logs in your script runs and it isn't a shell so he hopefully won't be able to get out. You can catch Ctrl + C, in bash I don't know how.

Why don't you just set the script as the shell in /etc/passwd?

Hi Twsnnva,

Could you give me a short description. I'm unable to get to point.

# cat /etc/passwd
...
user:x:100:101:User account:/home/user:/bin/YourScriptHere.sh
...