Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!tank!mimsy!haven!umd5!feldman From: feldman@umd5.umd.edu (Mark Feldman) Newsgroups: comp.sys.next Subject: Re: csh & the NeXTs Message-ID: <4527@umd5.umd.edu> Date: 14 Feb 89 22:48:06 GMT References: <17953@vax5.CIT.CORNELL.EDU> Reply-To: feldman@umd5.umd.edu (Mark Feldman) Distribution: na Organization: University of Maryland, College Park Lines: 78 In article <17953@vax5.CIT.CORNELL.EDU> jhc@Vax5.CIT.Cornell.EDU (James H. Cloos, Jr.) writes: > >On another tangent, I would like to execute some commands on login iff I've >loged in remotely, but don't know how to check this in .login. I have the >following basic form: >if (remote-login) then > [execute some commands here] > if (no-one-else-on) > [execute some more commands here] > endif >endif > >where remote-login is true if I've rlogged in or telneted in, and >no-one-else-on is true if anyone else who is logged in has also logged in >via rlogin or telnet. (Ie, the [execute some more commands here] line(s) >should not run if someone is logged in at the machine itself.) Is there any >way to determine these from w/in a csh script? > >Thanks for any help. > >-JimC One of our NeXTs is available for faculty to evaluate. In order to make it easy to log into, we placed a guest account on it w/o a password. Unfortunately, there are some maladjusted individuals that like to attack computers -- especially those with guest accounts w/o passwords -- over the net. In order to prevent people from using telnet/rlogin/rsh to sign on the guest account and still allow guest at the console to bring up a terminal/csh, I use the following as guest's shell: VVVVVVVVVVVVVVVVVVVVVVV /usr/local/lib/securecsh VVVVVVVVVVVVVVVVVVVVVVVVV #!/bin/csh -f # # get the user name of the parent of this process # set ppid=`ps -l $$ | awk '{ if ($3 == "'$$'") print $4}'` set parent=`ps -u $ppid | awk '{ if ($2 == "'$ppid'") print $1}'` # # see if the user brought up the shell (OK) or if it was created by # the system (telnetd/rlogind -- not OK) # if ($parent == $USER) then setenv SHELL /bin/csh setenv PATH /usr/local/lib exec -csh else echo Network access to the $USER account is not allowed. echo Access to this machine is for authorized users only. sleep 4 endif ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It checks the user name of the parent process and if it the parent is the same as the user, then the user started the shell after already logging in (at the console) and everything is ok. If the user name and the parent process' name are different, then the parent process is probably a root process (telnetd, rlogind, ...) and I don't want them around. -csh is actually a symbolic link in /usr/local/lib that points to /bin/csh. In order for csh to run your .login, it (argv[0]) must be called as -csh. Yes, it's a kludge. No question about it. Jim, I'm sure that this could be modified to do whatever you want. If this is part of a .login or .cshrc and not a shell, then the exec stuff can be tossed. The part about checking if anyone else is on can be implemented by using wc or awk on the output of users or who. Net, If you've get a better solution, I'm interested. I would have simply modified the NeXT login, 'cept I don't have the source (sorry about that). Mark