Correct way to startup user applications after restart?
Hello everybody. I'm stuck on a specific problem and I can't find a solution anywhere. Please help me.
I installed Debian on an old Pentium II, and some users (without root access) have access to the server. Some installed BNC, others eggdrop, and others custom daemons. There is no X11 on the server. The problem is that when I restart the computer (or it restarts itself after a power failure), none of the daemons that the users run are started again. Everyone has to log in and rerun them manually. This happens very rarely, about every 100 days, but it happens. They could install their own init scripts in /etc, but that would require root access to the system. I, of course, don't want to give everybody root access. Question: How can users make their daemons rerun on startup without being given root access to the server? Thank you.
There are a few ways you could do it, but the one that makes the most sense to me would be running them from per-user cron. You could write a script that runs every few minutes to check if the various daemons are up, and starts them if they aren't.
Actually starting them at boot time is going to require integrating with the boot scripts, which would take root-level access to do directly. Alternately you could have a function in your boot scripts that loaded scripts from each /home directory, but that would be exceptionally insecure as a user could put anything they wanted in there and have it run as root.
OK, I checked three implementations of cron:
* Vixie cron: it sure would help, but it seems that you need to run "crontab ~/.crontab" as the user;
* anacron: only the system administrator can configure anacron tasks;
* fcron: this is too advanced.
And /etc/init.d/cron doesn't load /home/*/.crontab files at startup. Seems like I need to do some scripting. I think I can, I have some basic skills, but I'm sure that it will be 100% exploitable and also I want to make sure that I'm not reinventing the wheel.
Quote:
So I put this in /etc/rc.local:
Code:
find /home/ -maxdepth 2 -type f -name .startup | sed 's/\/home\/\(\w*\).*/echo -e \"=== \\0033[36mExecuting \\0033[32m\/home\/\1\/.startup\\0033[0m ===" \&\& su \1 -c \"sh \/home\/\1\/.startup\"/' | sh
You can do that, but again, this means any user could run any command as root.
So they could put a line in there that copied a shell with root permissions into their /home directory, and get a root shell without needing to crack the password. Or they could simply put in a "rm -rf" line to delete everything on the server. If you are going to go this route, you really need to set it up so that any .startup scripts are run as a different user with minimal permissions, definitely not root.
Look at this part:
Code:
su \1 -c \"sh \/home\/\1\/.startup\"
Code:
su user -c "sh /home/user/.startup"
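A boot-time loop of the kind discussed in this thread, written out with explicit checks on each .startup file before it is handed to su. This is an added example, not code from any poster; HOME_ROOT, MIN_UID, the function names and the file name in the last comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. HOME_ROOT and MIN_UID are assumed
# settings; stat -c is the GNU coreutils form found on Debian.
: "${HOME_ROOT:=/home}"
: "${MIN_UID:=1000}"   # first regular-user uid on Debian; excludes root and system accounts

# Return 0 if $1/.startup may be run on behalf of the owner of directory $1.
startup_is_safe() {
    dir=$1
    script=$dir/.startup
    # The path is later placed inside single quotes, so refuse any quote in it.
    case $dir in *"'"*) return 1 ;; esac
    # Must be a regular file and not a symlink.
    [ -f "$script" ] && [ ! -L "$script" ] || return 1
    # The home directory must belong to a regular account, never root.
    uid=$(stat -c '%u' "$dir") || return 1
    [ "$uid" -ge "$MIN_UID" ] || return 1
    # The script must be owned by that same account ...
    [ "$(stat -c '%u' "$script")" = "$uid" ] || return 1
    # ... and not be writable by group or others, who could otherwise add commands.
    mode=$(stat -c '%a' "$script") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Run each accepted script as the account that owns its home directory.
run_user_startups() {
    for d in "$HOME_ROOT"/*/; do
        d=${d%/}
        ( startup_is_safe "$d" ) || continue
        user=$(stat -c '%U' "$d")   # name comes from the owner, not the directory name
        [ "$user" != UNKNOWN ] || continue
        echo "=== Executing $d/.startup as $user ==="
        su "$user" -c "sh '$d/.startup'" < /dev/null
    done
}

# Only act when called as: sh user-startups.sh run   (file name is hypothetical)
if [ "${1:-}" = run ]; then run_user_startups; fi
```

The scripts run one after another, so a .startup that does not return delays the ones after it.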