Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-05-2006, 06:52 PM
|
#1
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Rep:
|
X11 auto login and disable users shell - tricky business
I set up an auto login to X by editing my /etc/inittab as follows:
Code:
x1:4:wait:/etc/rc.d/rc.xinit
then I created an rc.xinit wich contains this:
Code:
#!/bin/sh
startx -- -bpp 24 | su - webuser
This works like I want it to, but then I decided to disable the users shell since I would like them to never be able to enter in a command (I'm a horible person, I know).
I don't know of any "official" way to do this, so I gave this a shot:
Code:
usermod -s /dev/null webuser
But since I am essentially wrapping init 4 through the shell, this stops X11 from loading.
Does any one know of a better way to do either of these things so I can have my cake and eat it to?
thanks!
...drkstr
PS: sorry for any typos, it's a pain typing on this tiny keyboard.
**edit**
fixed the pretend | char with a real one now that I'm at a real keyboard
Last edited by drkstr; 08-06-2006 at 12:16 AM.
|
|
|
08-06-2006, 06:18 PM
|
#2
|
Member
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111
Rep:
|
Quote:
Originally Posted by drkstr
I set up an auto login to X by editing my /etc/inittab as follows:
Code:
x1:4:wait:/etc/rc.d/rc.xinit
then I created an rc.xinit wich contains this:
Code:
#!/bin/sh
startx -- -bpp 24 | su - webuser
|
Um... how does that work? Piping startx through a command prompt? Wouldn't it be more appropriate to try this:
Code:
HOME='/home/webuser'
sudo -u webuser /bin/bash /usr/bin/startx
|
|
|
08-08-2006, 12:12 AM
|
#3
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Original Poster
Rep:
|
Quote:
Um... how does that work? Piping startx through a command prompt?
|
You don't like my clumsy work around? I think it essentially does the same thing as your command, but I could be wrong.
Regardless, I will probably not be able to do this in any form if I am to disable the users shell. I was trying to avoid having to install KDM to use their built in auto login feature, but I guess I will have to give in to the bulk. Oh well, so goes life.
Thanks for the response!
...drkstr
|
|
|
08-08-2006, 12:43 AM
|
#4
|
Member
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111
Rep:
|
Actually, I tested my command on a Ubuntu VM I had laying around before posting it. It works with a user shell of /bin/false
EDIT: I also tried your command. Opening a shell and typing "whoami" in X returned "root." I wasn't just scoffing
Last edited by Daga; 08-08-2006 at 12:46 AM.
|
|
|
08-08-2006, 01:34 AM
|
#5
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Original Poster
Rep:
|
Quote:
Actually, I tested my command on a Ubuntu VM I had laying around before posting it. It works with a user shell of /bin/false
|
Sweet, I'll give it a shot, thanks. I would have tested it myself but I broke the entire system a bit ago and have to rebuild it. When I get to the X part, I will use your method.
Quote:
I also tried your command. Opening a shell and typing "whoami" in X returned "root." I wasn't just scoffing
|
That's odd. I didn't try opening a shell, but my gui apps did not have root access. For instance, I could not browse /root in firefox but I could browse the users home. I know the xserver is always run as root, but this shouldn't cause an open shell to start off in root. Ugh, talk about security whole to the hundreth power. Kind of defeats the purpose of disabling the users shell when they get the root shell by default
thanks again!
...drkstr
|
|
|
08-26-2006, 02:26 PM
|
#6
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Original Poster
Rep:
|
Hi Daga,
Just wanted to let you know I finally got around to testing your method. You were right, it works much better then the one I came up with. However, I did have to add the PATH to the script on my system. Once I did that, everything worked just like you said it would.
Code:
#!/bin/sh
#/etc/rc.d/rc.xinit
HOME='/home/webuser'
PATH='/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/X11R6/bin'
sudo -u webuser /bin/bash /usr/X11R6/bin/startx
Thanks for the help!
...drkstr
**edit**
PS: funny sig.
Last edited by drkstr; 08-26-2006 at 02:28 PM.
|
|
|
08-29-2006, 03:35 AM
|
#7
|
Amigo developer
Registered: Dec 2003
Location: Germany
Distribution: Slackware
Posts: 4,928
|
The difference is that startx is being executed in a separate process.
Your original code may do what you want if you add 'exec':
exec startx ...
Also, you might play with disabling the alternate terminal for runlevel 4 in inittab.
|
|
|
08-29-2006, 10:36 AM
|
#8
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Original Poster
Rep:
|
Quote:
The difference is that startx is being executed in a separate process.
Your original code may do what you want if you add 'exec':
exec startx ...
|
Oh, that makes sence. Thanks!
Quote:
Also, you might play with disabling the alternate terminal for runlevel 4 in inittab.
|
Are you referring to tty6? If so, I think I (hopefully) disabled this by uncomenting these in my xorg.conf:
Code:
Option "DontVTSwitch"
Option "DontZap"
Should this do the trick?
...drkstr
|
|
|
08-29-2006, 11:59 AM
|
#9
|
Member
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111
Rep:
|
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.
It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.
It is possible to get the original code working with a fake shell, but piping it through sudo isn't going to make the program run with the permissions you tell sudo to run with...
HTH,
EDIT: Thanks for the comment on the sig!
|
|
|
08-29-2006, 01:16 PM
|
#10
|
Senior Member
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897
Rep:
|
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.
Yves.
|
|
|
08-29-2006, 01:54 PM
|
#11
|
Senior Member
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191
Original Poster
Rep:
|
Quote:
Originally Posted by Daga
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.
|
I should be okay since the VT is still there, you just can't switch to it. At least I think that's what's going on. I'm sure there's some way to verify this when I get a chance.
Quote:
Originally Posted by Daga
It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.
|
Hmm, exploits are no good. I'm hoping it will not be exploitable since the window manager is pretty limited in what the user can do. They can't even shut it down unless they know the correct key combination (which is bount to 'sudo init 0/6'. Wouldn't hurt to have a failsafe though. I briefly looked through the startx script and didn't see any "on shutdown" section, but I will try to read up on it a bit.
Quote:
Originally Posted by theYinYeti
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.
|
Interesting. This also seems like a good way to do it. I'll give it a try if the method I'm currently using stops working the way I want it to.
Thanks for everyone's replies!
...drkstr
Last edited by drkstr; 08-29-2006 at 01:56 PM.
|
|
|
All times are GMT -5. The time now is 11:48 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|