Thread: custom login shell script
I have an Ubuntu 10.04 server joined to a Windows Active Directory domain via Likewise Open 6. It works, and users can log in using AD credentials without a problem.
Since our AD environment is large and we want AD users to be able to log in to the machine, I changed Likewise's configuration so that the default login shell points to a simple wrapper script. The script decides whether the user should be granted a real shell based on whether their AD username is on a whitelist at /etc/domain-users. The script looks like this:

Code:
#!/bin/bash
# Login wrapper: grant a real shell only to users listed in /etc/domain-users
username=`whoami`
if grep "^$username\$" /etc/domain-users > /dev/null; then
    echo "user authorized"
    /bin/bash
else
    echo -e "you not authorized log server\n\n"
fi

This approach works fine for SSH sessions, but it doesn't allow domain users to scp, and I can't figure out why. Running scp with the verbose flag as a domain user outputs:

Code:
$ scp -v file domain-user@server:/home/domain-user
executing: program /usr/bin/ssh host server, user domain-user, command scp -v -t /home/domain-user
openssh_5.3p1 debian-3ubuntu4, openssl 0.9.8k 25 mar 2009
debug1: reading configuration data /etc/ssh/ssh_config
debug1: applying options *
debug1: connecting server [128.220.16.23] port 22.
debug1: connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: remote protocol version 2.0, remote software version openssh_5.3p1 debian-3ubuntu4
debug1: match: openssh_5.3p1 debian-3ubuntu4 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3p1 debian-3ubuntu4
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request(1024<1024<8192) sent
debug1: expecting ssh2_msg_kex_dh_gex_group
debug1: ssh2_msg_kex_dh_gex_init sent
debug1: expecting ssh2_msg_kex_dh_gex_reply
debug1: host 'server' known , matches rsa host key.
debug1: found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: ssh2_msg_newkeys sent
debug1: expecting ssh2_msg_newkeys
debug1: ssh2_msg_newkeys received
debug1: ssh2_msg_service_request sent
debug1: ssh2_msg_service_accept received
debug1: authentications can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: next authentication method: gssapi-keyex
debug1: no valid key exchange context
debug1: next authentication method: gssapi-with-mic
debug1: unspecified gss failure. minor code may provide more information
credentials cache file '/tmp/krb5cc_1000' not found
debug1: unspecified gss failure. minor code may provide more information
credentials cache file '/tmp/krb5cc_1000' not found
debug1: unspecified gss failure. minor code may provide more information
debug1: next authentication method: publickey
debug1: trying private key: /home/user/.ssh/identity
debug1: trying private key: /home/user/.ssh/id_rsa
debug1: trying private key: /home/user/.ssh/id_dsa
debug1: next authentication method: keyboard-interactive
password:
debug1: authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: requesting no-more-sessions@openssh.com
debug1: entering interactive session.
debug1: sending environment.
debug1: sending env lang = en_us.utf8
debug1: sending command: scp -v -t /home/domain-user
user authorized
user@user-ubuntu-netbook:~$
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing o_nonblock
debug1: fd 1 clearing o_nonblock
transferred: sent 1552, received 2088 bytes, in 0.2 seconds
bytes per second: sent 9287.5, received 12495.0
debug1: exit status 0

I think the trick to solving the problem is to figure out a way for the wrapper script to accept a command as an argument and execute it; currently, it looks like scp tries to send the script a command, which it ignores. Any advice on how to solve this would be appreciated.
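Edit: I figured it out. I needed to tell the script that it should execute $2 if it exists, so I changed the wrapper script to:

Code:
#!/bin/bash
# sshd starts the login shell as "<shell> -c <command>" for scp and remote
# commands, so $1 is "-c" and $2 is the command string.
username=`whoami`
if ! grep "^$username\$" /etc/domain-users > /dev/null; then
    echo -e "you not authorized log server\n\n"
elif test -z "$2"; then
    # No command supplied: interactive login
    echo -e "user authorized"
    /bin/bash
else
    # In case users are trying to send a command via ssh or use scp
    $2
fi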
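A hardened variant of the wrapper above, as an added example that is not part of the original post. The function names `is_whitelisted`, `login_action` and `login_wrapper` and the `WHITELIST` variable are hypothetical; it assumes sshd passes the remote command as `-c COMMAND`, matches usernames literally instead of as a regex, and fails closed on anything unexpected.

```shell
#!/bin/bash
# Added example: hardened variant of the thread's whitelist login wrapper.
# /etc/domain-users is the path from the thread; WHITELIST is an assumed override.
WHITELIST="${WHITELIST:-/etc/domain-users}"

# Exact, literal, whole-line match. -F stops characters such as "." or "\"
# in a username from being read as regex syntax; -x requires a full-line match.
# A missing or unreadable whitelist makes grep fail, so the result is "no".
is_whitelisted() {      # usage: is_whitelisted USER FILE
    [ -n "$1" ] && grep -Fxq -- "$1" "$2" 2>/dev/null
}

# Decide what to do without doing it, so the logic can be tested.
# Prints one of: deny | shell | exec:COMMAND
login_action() {        # usage: login_action USER FILE [login shell args...]
    user=$1; file=$2; shift 2
    if ! is_whitelisted "$user" "$file"; then
        echo deny
    elif [ "$#" -eq 0 ]; then
        echo shell                      # interactive login, no command
    elif [ "$1" = "-c" ] && [ -n "${2:-}" ]; then
        echo "exec:$2"                  # scp / remote command from sshd
    else
        echo deny                       # unexpected arguments: fail closed
    fi
}

login_wrapper() {
    action=$(login_action "$(id -un)" "$WHITELIST" "$@")
    case $action in
        shell)  exec /bin/bash -l ;;
        # Hand the command string to bash intact instead of word-splitting it.
        exec:*) exec /bin/bash -c "${action#exec:}" ;;
        *)      echo "You are not authorized to log in to this server" >&2
                exit 1 ;;
    esac
}
# Installed as the login shell, the script would end with: login_wrapper "$@"
```

Messages for denied users go to stderr and authorized sessions print nothing before the `exec`, because any text written to stdout ahead of the scp command would be read by the client as part of the scp protocol.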
I've read through this, and I think it's a great concept! I have a similar situation at work.
I've run through the basics, created a file with the list of users,
and created the login script.
I don't know how to change the Likewise information. Can anyone point me in a better direction?
Great concept, FYI.