Howto run privileged commands on login/logout

Polytropon freebsd at edvax.de
Sun Feb 7 15:21:38 UTC 2010 

On Sun, 07 Feb 2010 01:55:02 +0100, Erik Norgaard <norgaard at locolomo.org> wrote:
> Hi:
> 
> I'm playing around with diskless operation. I'd like to be able to run 
> privileged commands when a user logins or logs out:

You can handle this in two ways:

a) On a per-user basis, you can use the user's ~/.login and
   ~/.logout files; those are corresponding to the C Shell,
   and assuming that csh is the dialog shell for the user.

b) On an all-users basis, you can use /etc/csh.login and
   /etc/csh.logout to have all users perform the commands
   you want to run.



> - on login, nfs mount the user's home directory (ok, not critical, I can 
> mount /home)

As it has already been mentioned, it is easy to use amd
and / or automounter tool for that.



> - on logout a system reboot to clean up any temporary files left from 
> the session.

A system reboot? To clean up temporary files? Caused by
an "ordinary" user? Excuse me, Sir, what strange country
are you from? :-)

Honestly, that's not neccessary. If you want to make sure
that all temporary files belonging to a specific user are
deleted upon user logout, you can simply let him do it by
his ~/.logout script, e. g. using "rm -rf /tmp"; this might
sound very violent, but it will only delete the user's
files from the /tmp subtree.

There are very few occassions you HAVE to reboot a BSD machine.
Cleaning temporary files is *not* one of them, especially
if you don't have clear_tmp_enable set to "YES" in /etc/rc.conf.

If temporary files are left in other directories you know
of, you can clean them as well.



> Is this possible, without messing arround with sudo or adding users to 
> wheel or operator groups?

Of course. You can edit the permissions for the programs
you explicitely want to allow "ordinary" users to run,
e. g. the /sbin/shutdown binary.



A sidenote: If we're talking about X, the GiveConsole and
TakeConsole in /usr/local/lib/X11/xdm/ can be used. Those
are shell scripts that allow chown'ing and chmod'ing files
to specific users, as well as other things.

I know that a problem may occur when multiple users log in.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list