UNIX Hints & Hacks
Chapter 5: Account Management
The last field of each entry in the password file names the command interpreter, the login shell, that is started for the account when it logs in to the system.
Flavors: AT&T, BSD
Shells: All
Syntax:
chsh -s shell
When you think of a shell, you think of the Bourne shell, or csh, tcsh, bash, and ksh. The Bourne shell (/bin/sh) typically is the default shell for most systems. Choosing a shell is a matter of personal preference.
Flavor: BSD
On BSD flavors, the user can switch to whatever shell he or she is most comfortable with. chsh consults the list of permitted shells in /etc/shells, and an ordinary user may choose only a shell that appears there.
% chsh -s /bin/tcsh
Changing shell for kxwexler
Password:
Shell changed.
No system administrator intervention is needed; the user makes the change alone, provided that the account actually resides in the local password file. Under NIS/YP this works only if the user is logged in to the NIS/YP master and that host's /etc/passwd is the file the master password map is built from, and the change does not reach the slaves and clients until the next time the maps are pushed.
Warning - Never point root's shell at a shell that lives on any partition other than the root partition. If root's shell is in /usr/bin and the /usr partition is corrupted or fails to mount, you will be unable to log in to single-user mode and will be forced to boot a miniroot from CD or floppy to correct the mistake.
Flavors: AT&T, BSD
The reality is that any executable can go into the last field of the password file: a compiled program, an application, or a script. When the program exits there is no shell to drop into, so the session is simply logged out. Here is a simple example: Telnet to a remote system and have it display the current time just by logging in to it.
First set up an account on the remote system called date, and point its shell at the script that runs the date command. Use vipw rather than editing /etc/passwd directly if your system has it, so the file is locked while you edit. Always give the account a password if you can.
# vi /etc/passwd
date:AdSf/oew.233d:165:100:Display the Date:/home/date:/home/date/showdate
# mkdir -p /home/date
# chown date /home/date
# chmod 700 /home/date
Create the script to display the date:
# vi /home/date/showdate
#! /bin/sh
/bin/date
Line 1: Define the shell to be used for the script.
Line 2: Display the date to STDOUT.
Make the script executable by the date account so it runs when that account logs in. The file is owned by root, so the account cannot alter its own login program, but it must still be readable and executable by uid 165; a root-owned file with mode 700 is not, and the login would fail:
# chmod 755 /home/date/showdate
It is now all set up. Exit the remote system and Telnet back to it:
# telnet rocket
Trying 207.134.40.77...
Connected to rocket.
Escape character is '^]'.

Linux 2.0.33 (rocket) (ttyp2)

rocket login: date
Last login: Sun Nov  1 22:02:13 from ugu.com
Linux 2.0.33.
Sun Nov  1 22:02:13 GMT 1998
Connection closed by foreign host.
The login program can be any executable, application, or script. Replacing date with df would display the current status of the filesystems on the remote system. This is a handy way to automate certain processes and display their results without ever logging in interactively to run scripts and commands.
Always keep in mind that whatever sits in the shell field runs with that account's privileges the moment the login succeeds. Test your modifications on a nonproduction system before using them for real. Be sure that whatever you put in place of the shell offers no way to break out to a real shell: editors, pagers, and many interactive programs have shell escapes (:! in vi, ! in more), and an account whose login program has one is effectively an unrestricted account. Set PATH explicitly in such a script rather than relying on the inherited environment. Note also that services such as ftpd refuse accounts whose shell is not listed in /etc/shells; for a single-purpose account like date that is usually exactly what you want.
Nearly everyone has seen a program run in place of a shell at login time. Look at the password file entry for the account called sync: when you type sync at the login prompt, it runs the sync command to flush the disks and then logs out. You never get a shell.
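The checks the warnings above call for are easy to script. The following POSIX shell script is an added example, not code from the book: it audits the shell field of a passwd file against an /etc/shells list and flags a root shell living outside the root filesystem, accounts whose shell is not a listed shell (expected for single-purpose accounts such as date and sync, but each one should be a deliberate choice), accounts with an empty password field, and login programs known to have shell escapes. The passwd and shells text it reads are constructed sample data; the account names, uids, the prefix test for "off the root filesystem" and the list of escape-capable programs are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the book: audit the login-shell field of a
# passwd file against an /etc/shells list.  All data below is constructed.

# Constructed stand-in for /etc/passwd.  "x" in the password field means
# the hash lives in the shadow file; an empty field means no password at all.
SAMPLE_PASSWD='root:x:0:0:root:/root:/usr/bin/bash
kxwexler:x:1001:100:K Wexler:/home/kxwexler:/bin/tcsh
date:AdSf/oew.233d:165:100:Display the Date:/home/date:/home/date/showdate
sync:*:5:0:sync:/sbin:/bin/sync
oper:x:1002:100:Operator:/home/oper:/usr/bin/vi
guest::2001:100:Guest:/home/guest:/bin/sh'

# Constructed stand-in for /etc/shells.
SAMPLE_SHELLS='/bin/sh
/bin/csh
/bin/tcsh
/bin/bash'

# shell_listed SHELL SHELLS_TEXT: succeed if SHELL is an exact line of SHELLS_TEXT.
shell_listed() {
    printf '%s\n' "$2" | grep -Fqx -- "$1"
}

# audit_passwd PASSWD_TEXT SHELLS_TEXT
# Writes one finding per line: "<user> <finding> <shell>".
audit_passwd() {
    printf '%s\n' "$1" | while IFS=: read -r user hash uid gid gecos home shell; do
        [ -n "$user" ] || continue

        # The chapter's warning: root's shell must live on the root partition.
        # Prefix heuristic (an assumption): /usr, /opt and /home are taken to be
        # separate filesystems that may not be mounted in single-user mode.
        if [ "$uid" = 0 ]; then
            case "$shell" in
                /usr/*|/opt/*|/home/*)
                    printf '%s ROOT_SHELL_OFF_ROOTFS %s\n' "$user" "$shell" ;;
            esac
        fi

        # Anything not in /etc/shells is either a typo or a deliberate
        # login program like showdate; each one deserves a look.
        if ! shell_listed "$shell" "$2"; then
            printf '%s SHELL_NOT_IN_ETC_SHELLS %s\n' "$user" "$shell"
        fi

        # A login program is no protection if the account has no password.
        if [ -z "$hash" ]; then
            printf '%s EMPTY_PASSWORD %s\n' "$user" "$shell"
        fi

        # Editors and pagers have shell escapes (:! in vi, ! in more), so a
        # login program drawn from this list hands the user a real shell.
        case "$shell" in
            */vi|*/vim|*/ex|*/ed|*/more|*/less|*/pg)
                printf '%s SHELL_ESCAPE_RISK %s\n' "$user" "$shell" ;;
        esac
    done
    return 0
}

# Stand-alone run over the constructed data.
audit_passwd "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
```

On a real system, feed it the live files with `audit_passwd "$(cat /etc/passwd)" "$(cat /etc/shells)"`; on a NIS/YP client, use `ypcat passwd` for the first argument so the map the clients actually see is what gets audited.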
An excellent example of logging straight in to an application in the real world is at the InterNIC Registration Service Center. Telnet there and you can see how this process works.
telnet rs.internic.net
Trying 198.41.0.6...
Connected to rs.internic.net.
Escape character is '^]'.

UNIX(r) System V Release 4.0 (rrs4)

*************************************************************************
*        -- InterNIC Registration Services Center --
*
* For the *original* whois type:     WHOIS [search string] <return>
* For referral whois type:           RWHOIS [search string] <return>
*
* For user assistance call (703) 742-4777
# Questions/Updates on the whois database to HOSTMASTER@internic.net
* Please report system problems to ACTION@internic.net
***************************************************************************

The InterNIC Registration Services database contains ONLY non-military
and non-US Government Domains and contacts.

Cmdinter Ver 1.3 Mon Nov 2 01:21:02 1998 EST
[vt100] InterNIC >
Man pages:
chsh, date, telnet
Internet:
telnet rs.internic.net
© Copyright Macmillan USA. All rights reserved.