Xref: utzoo comp.unix.admin:318 comp.unix.shell:569 Path: utzoo!attcan!uunet!samsung!zaphod.mps.ohio-state.edu!usc!csun!mx.csun.edu!mst From: mst@mx.csun.edu (Michael Temkin) Newsgroups: comp.unix.admin,comp.unix.shell Subject: Re: Logging a User Off Message-ID: <1990Oct13.195402.4430@csun.edu> Date: 13 Oct 90 19:54:02 GMT References: <1990Sep11.173008.274@mccc.uucp> <15051@cbmvax.commodore.com> Sender: news@csun.edu (News Administrator) Reply-To: mst@secs.csun.edu (Michael Temkin) Organization: School of Engineering and Computer Science, CSU Northridge Lines: 45 In article <15051@cbmvax.commodore.com> ag@cbmvax.commodore.com (Keith Gabryelski) writes: >In article <1990Sep11.173008.274@mccc.uucp> pjh@mccc.uucp (Pete Holsberg) writes: >>For reasons that are beyond the scope of this question, all new logins >>on one of my systems (3B2.400 SVR3.1) get no initial password. I've >>written a little script that I put into /etc/profile. It examines the >>password field of /etc/passwd for the user logging in and runs the >>passwd program if the password field is empty. >> >>However, I would like to be able to terminate the login process if that >>user fails to select a password. I though I would examine the return >>code of the passwd command and then exit if it's not 0. BUT, simply >>executing "exit" doesn't abort the login; it aborts /etc/profile! What >>can I execute to terminate the login of a user who fails to select a >>valid password? > >Remember that a user may hit the interupt key before your script >starts, thus aborting /etc/profile and your password scheme. Even >placing a `trap' at the start of /etc/profile will not help this >(since on a user could hit the interupt character before the trap was >executed). > > >Pax, Keith ``Just catching up on 3 weeks of unread news'' Gabryelski Actually, I was thinking that if this is ONLY on first login of a new account, create a script/program that is inserted as the users shell. The "code" would execute /bin/passwd, then /usr/bin/chsh to change the shell to something more appropriate. Afterwards, it would exec to the new shell. Besides enforcing the "SET A PASSWORD" situation, it lets users either select their own choice of shell, or it will let you (if chsh is restricted) set it when someone uses their account. In this way, accounts that have been handed out, but not accessed are easy to find and investigate why an account was given out and is not being used... Just some thoughts... Mike. -- Mike Temkin mst@csun.edu Cal. State U. Northridge, School of Engineering and Computer Science Voice phone: (818) 885-3919