A simple technique is to have /etc/profile check for user X and for him
source another file (containing the commands which X can't modify). Have
root
own this file and allow all others to only read and execute it. sudo is
unnecessary.
This is inelegant in that it has a general and widely used file look for
special cases,
but that is something that almost all programs do. This inelegancy is present
in other
places in UNIX .
The text of the preceding emails is attached.
On 17 Jan 2007 21:42:49, Todor Dragnev <[EMAIL PROTECTED]> wrote
To: [EMAIL PROTECTED]
Cc: Pieter de Goeje <[EMAIL PROTECTED]>, freebsd-questions@freebsd.org
> You can attach script to auth.info;authpriv.info in syslog.conf and
> listen for login events...
> man syslog.conf(5) - look for vertical bar(pipe) functionality
> On Jan 17, 2007, at 18:46 , George Vanev wrote:
>> On 1/17/07, Pieter de Goeje <[EMAIL PROTECTED]> wrote:
>>>
>>> On Wednesday 17 January 2007 11:49, George Vanev wrote:
>>>> Every time user X (for example) logs in the system I want to execute some
>>>> script.
>>>> The user must not have the permission to change this behavior.
>>>> Also the script must be run as root.
>>>> Something like crontab, but depending on logins, not time
>>>>
>>>> Any ideas?!
>>> If this user logs in via SSH you can use the ForceCommand keyword in
>>> sshd_config(5) to execute your script. The root part can be
>>> achieved with sudo(8) .
>>>
>>> Regards,
>>> Pieter de Goeje
>>>
>>
>> Thanks, nice idea. But it seems I can't use it.
>> Let me be more specific:
>> If user X logs in then I want to run "/usr/bin/script -aq /path/user_X"
>> The file user_X must be protected from modifying/deleting
>>
>> Could this be done?!
>>
>> --
>> George Vanev
A simple technique is to have /etc/profile check for user X and for
him
source another file (containing the commands which X can't modify). Have
root
own this file and allow all others to only read and execute it. sudo is
unnecessary.
This is inelegant in that it has a general and widely used file look for
special cases,
but that is something that almost all programs do. This inelegancy is present
in other
places in UNIX .
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"