[lug] Re: Attaching Notice to Command

Tkil tkil at scrye.com
Wed Sep 6 20:43:06 MDT 2000


>>>>> "SoloCDM" == SoloCDM <deedsmis at aculink.net> writes:

SoloCDM> There are certain commands at particular and any given times
SoloCDM> that will corrupt a user's configurations if they execute any
SoloCDM> of those commands, because the system is cleaning up files;
SoloCDM> e.g.: startx.

quibble: startx is typically a script:

| $ file `which startx`
| /usr/X11R6/bin/startx: Bourne shell script text
| $ head -1 `which startx`

if you are only doing this for the users' convenience (that is, if
they work around it, it's their own problems) then you can just make
scripts that wrap around the original program, check for whatever
preconditions you are checking for, then either quit or exec the
original program.

you can do this either by making another directory and adding that to
the users' PATHs, or by renaming the originals and replacing them with
your own.  the first is probably safer, as some programs are sensitive
to the name they're called as.  E.g., if 'gzip' is linked as 'gzcat',
it will behave like 'gzcat'.  (in fact, last i looked, the standard
gzip install was just three hard links to the same executable; cute,
but it means that renaming it can confuse things a bit.)

there are some programs out there that do varying degrees of
"wrapping" already; i'm not sure how configurable they are.  a recent
example: i was building the bsd-games distribution, and it has a "dm"
program, which you can use to limit users' ability to run games based
on e.g., time of day, load average, etc.

if you are viewing your users as "hostile" parties (that is, you have
actual security concerns, not just convenience in mind) then the only
reliable answer i can come up with is to use a restricted shell of
some sort (bash has such a mode, IIRC; if not, pdksh does), and then
set up your own commands as the only ones that can be run by that
shell.  rather overkill, and if you were my sysadmin and did that to
me, i'd be pissed, but i don't know all of your situation.

regarding actual mechanisms for this stuff, simple shell or perl
scripts should be all that's necessary.  even doing it in C isn't
hard; look at the "wrapper" setuid-CGI helper for some ideas.  you
probably want to use lock files to handle "only one running per
user/device at any given time", then use a function to test the lock
file for existence, then maybe "kill -0" the pid to see if it's still
alive.

does this answer your question(s)?

t.
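
The lock-file check described in the last paragraph, written out as a PATH wrapper. This is an added example, not part of the original message: the lock file path, the wrapper directory and the function names are assumptions, and the `ps -p` fallback is an addition for the case where `kill -0` fails only because the lock holder belongs to another user.

```shell
#!/bin/sh
# Added example: install as e.g. /usr/local/wrappers/startx, with that directory
# placed ahead of the real one in the users' PATH. All paths are assumptions.
LOCKFILE="${LOCKFILE:-/var/run/cleanup.pid}"  # assumed: cleanup job writes its pid here
REAL="${REAL:-/usr/X11R6/bin/startx}"         # the real program being wrapped

# lock_is_live FILE -> 0 if FILE holds the pid of a running process, else 1.
lock_is_live() {
    [ -f "$1" ] || return 1
    pid=$(head -n 1 "$1" 2>/dev/null | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;      # empty or garbage: treat the lock as stale
    esac
    # kill -0 delivers no signal, it only tests that the pid can be signalled.
    kill -0 "$pid" 2>/dev/null && return 0
    # kill -0 also fails with EPERM when the process belongs to another user
    # (a root cleanup job, say), so ask ps before calling the lock stale.
    ps -p "$pid" >/dev/null 2>&1
}

# may_run -> 0 if the wrapped command may start; otherwise print a notice, return 1.
may_run() {
    if lock_is_live "$LOCKFILE"; then
        echo "${REAL##*/}: system cleanup in progress, try again shortly" >&2
        return 1
    fi
    return 0
}

# Run only when invoked under the wrapped command's name, so the file can also
# be sourced or tested without side effects.
if [ "${0##*/}" = "${REAL##*/}" ]; then
    may_run || exit 1
    exec "$REAL" "$@"
fi
```

The check and the exec are not atomic, so a cleanup that starts just after the check is not caught. A user who calls the real path directly also bypasses the wrapper, which is why this only fits the convenience case.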



