LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 06-19-2020, 03:43 PM   #1
gabrielpasv
LQ Newbie
 
Registered: Feb 2016
Posts: 19

Rep: Reputation: Disabled
run a python script after login and user cannot do anything else.


Hi Guys,

I want to create a linux user. This user should be able to ssh to linux server and then automatically it should execute a .py script. The user should be able to use only this python script nothing else. How can I restrict the user to only have access to this application after login ?
 
Old 06-19-2020, 04:02 PM   #2
wainamoinen
LQ Newbie
 
Registered: Sep 2009
Posts: 13

Rep: Reputation: Disabled
Hi,

You can create the user and then change the default shell to the script you want. The command to change the default shell is:

chsh <username>

The default shell for each user is stored in /etc/passwd. For common users the default shell is "/bin/bash", but some special system users have the shell "/bin/nologin" or "/bin/false", these "shells" forbids the user to login. You can define your .py script as a shell as I said with the command chsh.
 
Old 06-19-2020, 05:06 PM   #3
The Squash
LQ Newbie
 
Registered: Apr 2020
Distribution: Gentoo GNU/Linux x86 (32 bit)
Posts: 24

Rep: Reputation: Disabled
I was also going to suggest changing the user's login shell earlier but got carried away before I could post. Anyway, if you don't want the warning (or fatal error) that says that the shell you chose is not valid, use the following command instead:
Code:
usermod --shell [path to Python script]  [user name]
Be sure to set execute permission on the script before you log in as the dummy user; otherwise, you'll immediately get logged out as soon as you log in. This is an infuriating bug to track down and I say this from experience.

The only problem with the above method is you may not pass any parameters to the Python script via the command line anymore. You can still type input to the program, but you may not pass "arguments" to the program like you could in a shell. You may thus prefer using sudo to run the script as the dummy user, from the comfort of your normal user account; assuming that your normal user account is "gabriel", the dummy user is called "dummy", and the Python script is at "/usr/local/bin/pyscript", the following entry added to your "/etc/sudoers" file should do the trick (NOTE: Always edit the sudoers file using the command "sudo visudo"!):
Code:
gabriel   ALL=(dummy)  /usr/local/bin/pyscript
If you want any user to be able to run your script as the dummy user, you can use the following code instead:
Code:
ALL   ALL=(dummy)  /usr/local/bin/pyscript
In any case you can then run your script like this, from your normal user account:
Code:
sudo -u dummy /usr/local/bin/pyscript  [put arguments here]

Last edited by The Squash; 06-19-2020 at 05:09 PM.
 
Old 06-20-2020, 06:39 AM   #4
gabrielpasv
LQ Newbie
 
Registered: Feb 2016
Posts: 19

Original Poster
Rep: Reputation: Disabled
Thank you guys for all your help. I appreciate.

My problem is. I have a simple python script to delivery to 1k users remotely. ( I know this isn't the correct architecture ) but it's what we have now.
So I am thinking maybe 1 client = 1 linux user with no shell access, running this python script. I am thinking about using npyscreen to create a TUI. So the idea is the user will click on a icon on desktop. this will log the user to my server and automatically open the application.
 
Old 06-20-2020, 11:58 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,616
Blog Entries: 9

Rep: Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094Reputation: 4094
Also see this thread and the latest post by Turbocapitalist.
 
Old 06-20-2020, 02:38 PM   #6
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: Currently: openSUSE, Raspbian, Slackware. Formerly: CentOS, MacOS, Red Hat. Other: Solaris, Tru64
Posts: 1,942

Rep: Reputation: 308Reputation: 308Reputation: 308Reputation: 308
Quote:
Originally Posted by gabrielpasv View Post
Hi Guys,

I want to create a linux user. This user should be able to ssh to linux server and then automatically it should execute a .py script. The user should be able to use only this python script nothing else. How can I restrict the user to only have access to this application after login ?
Clarify: You want to create a restricted account on a remote server that is able to do nothing but execute your Python script? (Your description could imply that a user account on System A uses SSH to access an account System B where it runs a Python script.)

I'm assuming that you're are looking for a solution the former case and I think all configuration can take place on the remote server. You could also get fine-grained by setting up the account on the remote host to do only allow ssh connections from certain "allowed-user@allowed-host". (Caveat: I've never done this but the ssh_config(5) manpage alludes to it being possible using the "Match" keyword. Unfortunately my O'Rielly SSH book is packed away. )

I'd set up a restricted account on the remote box whose purpose in life is to run your Python script. You can write a wrapper script to trap things like Ctrl-C (disallowing the user from reaching a real interactive shell), run your Python script, and exit when the Pytthon has finished. The trap handler function you write could wag a finger and issue a nastygram about trying to escape the application and summarily force them off the system if they issue Ctrl-C. You'd specify your wrapper script as the remote site user's shell---adding it to /etc/shells is likely going to be required.

Try:
Code:
#!/bin/bash

ctrl_c() {
    echo "You pressed ^C! Yer outta here!"
    exit 1
}

trap ctrl_c 2

sleep 10 &        # <--<< Your command would go here
BGPID=$!
echo ${BGPID}
wait ${BGPID}
echo "Command completed normally."
exit 0
See the bash manpage, specifically the description of "trap" (prepare to scroll; it's way down in the BUILTIN COMMANDS section.)

HTH...
 
Old 06-20-2020, 03:10 PM   #7
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,105

Rep: Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381Reputation: 3381
No need for a wrapper. python has its own signal handler...

https://docs.python.org/3/library/signal.html

There are several ways to get a script to automatically run when logged in...
 
Old 06-23-2020, 01:01 AM   #8
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: Currently: openSUSE, Raspbian, Slackware. Formerly: CentOS, MacOS, Red Hat. Other: Solaris, Tru64
Posts: 1,942

Rep: Reputation: 308Reputation: 308Reputation: 308Reputation: 308
Quote:
Originally Posted by michaelk View Post
No need for a wrapper. python has its own signal handler...
I guess I shouldn't be surprised that Python has a module for that. I think I'd still go with the shell wrapper just because handling signals in shell scripts has been done forever and there are tons of examples out there.

Cheers...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
run python script from python command line iFunction Linux - Newbie 4 03-15-2017 01:42 PM
Why don't python scripts run unless I run them with explicit invocations of python? RandomTroll Linux - Newbie 23 10-06-2016 01:29 PM
SSH Tunnel for butty - (user without permissions for anything else) pamamolf Linux - Server 4 04-11-2015 02:26 PM
If I push a button on one input device, have one script run, else, run the other? Automatic Linux - Software 2 04-14-2013 02:17 AM
LXer: Python Python Python (aka Python 3) LXer Syndicated Linux News 0 08-05-2009 08:30 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 05:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration