Hi Otto,
I do not really get this part:
"The next-easiest place I can think of is during Xstartup,
which runs as root after the user has logged in. The user
can't interfere with it and it can log to a root-only destination"
 
Can you explain it in more detail? I am new to this.

Thanks
Fitra

ottomeister <[EMAIL PROTECTED]> wrote:
On 6/21/06, Bob Doolittle <[EMAIL PROTECTED]> wrote:

> #!/bin/sh
>
> utwho -c | nawk -v TOKEN="$SUN_SUNRAY_TOKEN" '
> $2 == TOKEN { printf ( "User: %s Token: %s\n", $3, $2 ) }
> '

If this is executing during session startup then why does it
need to run 'utwho'? It's running as the user, so 'id' is all
you need. You could even 'echo $LOGNAME'. But,
unfortunately, it's (by design) very easy for a user to
interfere with the execution of an Xsession.d script so
they're not great for doing things that absolutely have to
work correctly.

Also, because an Xsession.d script runs as a normal user,
the place it's logging to has to be writeable by that user.
This means that the user can write to the logging mechanism
at any time, which means that he can write garbage into it.
Maybe even delete or truncate it, if it's just a file.

If the users are malicious or even just mischievous then
you need to be careful about how you create and log this
information. You might decide that an Xsession.d script
just isn't the appropriate solution.

The next-easiest place I can think of is during Xstartup,
which runs as root after the user has logged in. The user
can't interfere with it and it can log to a root-only destination.

OttoM.
__
ottomeister

Disclaimer: These are my opinions. I do not speak for my employer.
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
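
The Xstartup approach described in the thread, as an added example that is not part of the original messages: a fragment that records the user and token from a root-run Xstartup script into a file only root can read or write. It is written for a POSIX shell; the log path, the helper names, and the presence of USER and SUN_SUNRAY_TOKEN in Xstartup's environment are assumptions.

```shell
#!/bin/sh
# Added example: fragment for an Xstartup script, which the display manager
# runs as root after authentication and before the user's session starts.
# Assumptions: USER and SUN_SUNRAY_TOKEN are present in Xstartup's
# environment, and LOGFILE below is a hypothetical path.
LOGFILE=/var/adm/sunray-logins.log

# Keep only characters expected in a login name or token, so a crafted
# value cannot add newlines or extra fields to the log.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-'
}

# log_session_start FILE USER TOKEN: append one timestamped record.
log_session_start() {
    lss_file=$1
    lss_user=$(sanitize "$2")
    lss_token=$(sanitize "$3")
    (
        umask 077      # a newly created log is readable by its owner only
        printf '%s User: %s Token: %s\n' \
            "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
            "${lss_user:-unknown}" "${lss_token:-unknown}" >> "$lss_file"
    )
}

# Log only when this code runs from a script named Xstartup.
case "$0" in
    Xstartup|*/Xstartup)
        log_session_start "$LOGFILE" "$USER" "$SUN_SUNRAY_TOKEN"
        ;;
esac
```

When Xstartup runs this as root, the log is created mode 0600 and owned by root, so the logged-in user cannot append to, truncate or delete it the way they could with a file written from an Xsession.d script.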