Maybe I am missing something here, but you cant suid a shell script. Crontab needs root, doesnt it?No, only when root allows users to use crontab. But root have to give the permission for that user, which is not a good idea I think. I don't know, is solved using PAM?
still waiting prosun
and the calling program here
(etc/profile) is called with user permissions. I cant see any way to get around suid if you dont want the user messing around and so a shell script wont do.
Anshul
On Mon, 14 Feb 2005 08:08:50 +0530, Rajiv Lodha <[EMAIL PROTECTED]> wrote:instead of "C" program, you can write a unix shell script ... make a smart use of CRON(TAB), we used to do this with our fellow students at our institue.
but instead of 1 hr ... we did the same for 1 min ;-)
He He He.
rajiv
On Mon, 14 Feb 2005 05:16:29 +0530, Anshul <[EMAIL PROTECTED]> wrote:
> On Sun, 13 Feb 2005 13:09:21 +0530, Manas Laha
> <[EMAIL PROTECTED]> wrote:
> >
> > Abhijit Banerjee wrote:
> >
> > >prosun try this
> > >in bashrc add at the end
> > >
> > >sleep 3600
> > >logout
> > >
> > >
> > Won't work, unfortunately! All this will do is block the terminal for
> > one hour and then log the user out. Not quite what Prosun desires.
> >
> > Also, any modifications made to the user's .bashrc or .bash_profile can
> > be undone by the user any time in the one hour available to him. So, the
> > modifications should be made to the system-wide /etc/profile file. This
> > file, along with the user's own .bash_profile and .bashrc are read in
> > during every login.
> >
> > Here's an outline of what _probably_ has to be added in /etc/profile in
> > order to achieve what Prosun desires:
> >
> > 1. The process-id of the user's login shell has to be obtained.
> > 2. A shell script has to be started in the background and given this
> > process-id. This background process will sleep for 1 hr (Abhijit's sleep
> > 3600) and, on waking up, will kill the process whose process-id it knows.
> >
> > Even then, clever users may be able to get around this.
> >
> > Would others like to share their ideas too?
> >
> > - Manas Laha
> >
>
> Maybe one should write a small C program to do 2 and make it suid 755
> and call it from etc profile. That will be beyond the users
> manipulation.
>
> etc profile can easily find the id using 'id -u'
>
> (A more professional design for a web kiosk operation could use a
> modified code of xscreensaver and call it from etc profile in the
> above way to lock the screen instead of logging a user out, so that
> you could remotely authorize and record a second hour! )
>
> Anshul
>
> --
> I'm too lazy to compose a creative sig, so i stole someone else's.
>
> --
> To unsubscribe, send mail to [EMAIL PROTECTED] with the body
> "unsubscribe ilug-cal" and an empty subject line.
> FAQ: http://www.ilug-cal.org/node.php?id=3
>
-- Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world.
Albert Einstein
-- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
-- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/node.php?id=3
