LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-05-2006, 06:52 PM   #1
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
X11 auto login and disable users shell - tricky business


I set up an auto login to X by editing my /etc/inittab as follows:
Code:
x1:4:wait:/etc/rc.d/rc.xinit
then I created an rc.xinit wich contains this:
Code:
#!/bin/sh
startx -- -bpp 24 | su - webuser
This works like I want it to, but then I decided to disable the users shell since I would like them to never be able to enter in a command (I'm a horible person, I know).

I don't know of any "official" way to do this, so I gave this a shot:
Code:
usermod -s /dev/null webuser
But since I am essentially wrapping init 4 through the shell, this stops X11 from loading.

Does any one know of a better way to do either of these things so I can have my cake and eat it to?

thanks!
...drkstr

PS: sorry for any typos, it's a pain typing on this tiny keyboard.

**edit**
fixed the pretend | char with a real one now that I'm at a real keyboard

Last edited by drkstr; 08-06-2006 at 12:16 AM.
 
Old 08-06-2006, 06:18 PM   #2
Daga
Member
 
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
Quote:
Originally Posted by drkstr
I set up an auto login to X by editing my /etc/inittab as follows:
Code:
x1:4:wait:/etc/rc.d/rc.xinit
then I created an rc.xinit wich contains this:
Code:
#!/bin/sh
startx -- -bpp 24 | su - webuser
Um... how does that work? Piping startx through a command prompt? Wouldn't it be more appropriate to try this:

Code:
HOME='/home/webuser'
sudo -u webuser /bin/bash /usr/bin/startx
 
Old 08-08-2006, 12:12 AM   #3
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Original Poster
Rep: Reputation: 45
Quote:
Um... how does that work? Piping startx through a command prompt?
You don't like my clumsy work around? I think it essentially does the same thing as your command, but I could be wrong.

Regardless, I will probably not be able to do this in any form if I am to disable the users shell. I was trying to avoid having to install KDM to use their built in auto login feature, but I guess I will have to give in to the bulk. Oh well, so goes life.

Thanks for the response!
...drkstr
 
Old 08-08-2006, 12:43 AM   #4
Daga
Member
 
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
Actually, I tested my command on a Ubuntu VM I had laying around before posting it. It works with a user shell of /bin/false

EDIT: I also tried your command. Opening a shell and typing "whoami" in X returned "root." I wasn't just scoffing

Last edited by Daga; 08-08-2006 at 12:46 AM.
 
Old 08-08-2006, 01:34 AM   #5
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Original Poster
Rep: Reputation: 45
Quote:
Actually, I tested my command on a Ubuntu VM I had laying around before posting it. It works with a user shell of /bin/false
Sweet, I'll give it a shot, thanks. I would have tested it myself but I broke the entire system a bit ago and have to rebuild it. When I get to the X part, I will use your method.

Quote:
I also tried your command. Opening a shell and typing "whoami" in X returned "root." I wasn't just scoffing
That's odd. I didn't try opening a shell, but my gui apps did not have root access. For instance, I could not browse /root in firefox but I could browse the users home. I know the xserver is always run as root, but this shouldn't cause an open shell to start off in root. Ugh, talk about security whole to the hundreth power. Kind of defeats the purpose of disabling the users shell when they get the root shell by default

thanks again!
...drkstr
 
Old 08-26-2006, 02:26 PM   #6
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Original Poster
Rep: Reputation: 45
Hi Daga,

Just wanted to let you know I finally got around to testing your method. You were right, it works much better then the one I came up with. However, I did have to add the PATH to the script on my system. Once I did that, everything worked just like you said it would.

Code:
#!/bin/sh
#/etc/rc.d/rc.xinit
HOME='/home/webuser'
PATH='/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/X11R6/bin'
sudo -u webuser /bin/bash /usr/X11R6/bin/startx
Thanks for the help!
...drkstr

**edit**
PS: funny sig.

Last edited by drkstr; 08-26-2006 at 02:28 PM.
 
Old 08-29-2006, 03:35 AM   #7
gnashley
Amigo developer
 
Registered: Dec 2003
Location: Germany
Distribution: Slackware
Posts: 4,928

Rep: Reputation: 613Reputation: 613Reputation: 613Reputation: 613Reputation: 613Reputation: 613
The difference is that startx is being executed in a separate process.

Your original code may do what you want if you add 'exec':
exec startx ...

Also, you might play with disabling the alternate terminal for runlevel 4 in inittab.
 
Old 08-29-2006, 10:36 AM   #8
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Original Poster
Rep: Reputation: 45
Quote:
The difference is that startx is being executed in a separate process.

Your original code may do what you want if you add 'exec':
exec startx ...
Oh, that makes sence. Thanks!
Quote:
Also, you might play with disabling the alternate terminal for runlevel 4 in inittab.
Are you referring to tty6? If so, I think I (hopefully) disabled this by uncomenting these in my xorg.conf:
Code:
Option     "DontVTSwitch"
Option     "DontZap"
Should this do the trick?
...drkstr
 
Old 08-29-2006, 11:59 AM   #9
Daga
Member
 
Registered: Apr 2006
Location: A comfy chair...
Distribution: Slackware
Posts: 111

Rep: Reputation: 15
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.

It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.

It is possible to get the original code working with a fake shell, but piping it through sudo isn't going to make the program run with the permissions you tell sudo to run with...

HTH,

EDIT: Thanks for the comment on the sig!
 
Old 08-29-2006, 01:16 PM   #10
theYinYeti
Senior Member
 
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897

Rep: Reputation: 66
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.

Yves.
 
Old 08-29-2006, 01:54 PM   #11
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by Daga
Yep, that should do the trick. Also there is a comment in the inittab from PV (dunno if it is still accurate, probably is) about a 1% constant CPU usage if there are no VTs.
I should be okay since the VT is still there, you just can't switch to it. At least I think that's what's going on. I'm sure there's some way to verify this when I get a chance.

Quote:
Originally Posted by Daga
It would be a good idea to force a shutdown when X closes (edit startx), because there have been a couple exploits in the last year that can crash X.
Hmm, exploits are no good. I'm hoping it will not be exploitable since the window manager is pretty limited in what the user can do. They can't even shut it down unless they know the correct key combination (which is bount to 'sudo init 0/6'. Wouldn't hurt to have a failsafe though. I briefly looked through the startx script and didn't see any "on shutdown" section, but I will try to read up on it a bit.

Quote:
Originally Posted by theYinYeti
You may be interested in my "autologin" page on my site (see below, as links to self-made site are forbiden...). It describes a simple method for autologging a given user. Then as you say, you can use /bin/false for the shell.
Interesting. This also seems like a good way to do it. I'll give it a try if the method I'm currently using stops working the way I want it to.

Thanks for everyone's replies!
...drkstr

Last edited by drkstr; 08-29-2006 at 01:56 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to disable auto login in SUSE 10? baosheng SUSE / openSUSE 8 09-05-2006 05:39 AM
Disable auto login at startup x ferry.hidayat Linux - Newbie 2 10-03-2003 09:32 AM
disable auto login into KDE tonic Linux - General 3 02-16-2003 12:06 PM
How to disable auto-login (MDK9) skip1 Linux - Software 3 02-07-2003 12:10 PM
auto login ~ how to disable? thinguy10 Linux - General 3 02-04-2002 05:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration