Anshul wrote:
Maybe I am missing something here, but you cant suid a shell script.
Crontab needs root, doesnt it? and the calling program here
(etc/profile) is called with user permissions. I cant see any way to
get around suid if you dont want the user messing around and so a
shell script wont do.
Anshul
Since a user can kill his own processes, including the login process,
the shell script need not be suid, I think, assuming that we are going
the /etc/profile+shell script way.
- Manas Laha
On Mon, 14 Feb 2005 08:08:50 +0530, Rajiv Lodha <[EMAIL PROTECTED]> wrote:
instead of "C" program, you can write a unix shell script ... make a
smart use of CRON(TAB), we used to do this with our fellow students at
our institue.
but instead of 1 hr ... we did the same for 1 min ;-)
He He He.
rajiv
On Mon, 14 Feb 2005 05:16:29 +0530, Anshul <[EMAIL PROTECTED]> wrote:
On Sun, 13 Feb 2005 13:09:21 +0530, Manas Laha
<[EMAIL PROTECTED]> wrote:
Abhijit Banerjee wrote:
prosun try this
in bashrc add at the end
sleep 3600
logout
Won't work, unfortunately! All this will do is block the terminal for
one hour and then log the user out. Not quite what Prosun desires.
Also, any modifications made to the user's .bashrc or .bash_profile can
be undone by the user any time in the one hour available to him. So, the
modifications should be made to the system-wide /etc/profile file. This
file, along with the user's own .bash_profile and .bashrc are read in
during every login.
Here's an outline of what _probably_ has to be added in /etc/profile in
order to achieve what Prosun desires:
1. The process-id of the user's login shell has to be obtained.
2. A shell script has to be started in the background and given this
process-id. This background process will sleep for 1 hr (Abhijit's sleep
3600) and, on waking up, will kill the process whose process-id it knows.
Even then, clever users may be able to get around this.
Would others like to share their ideas too?
- Manas Laha
Maybe one should write a small C program to do 2 and make it suid 755
and call it from etc profile. That will be beyond the users
manipulation.
etc profile can easily find the id using 'id -u'
(A more professional design for a web kiosk operation could use a
modified code of xscreensaver and call it from etc profile in the
above way to lock the screen instead of logging a user out, so that
you could remotely authorize and record a second hour! )
Anshul
*****************************************
This Mail is Certified to be Virus Free.
CIC Network Security Group, IIT Kharagpur
*****************************************
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3
