Subject: Re: Execute script every time a specified user logs in (FreeB SD 6.1)

[Damian Wiest]

> > On Jan 17, 2007, at 18:46 , George Vanev wrote:
> 
> >> On 1/17/07, Pieter de Goeje <pieter at degoeje.nl> wrote:
> >>>
> >>> On Wednesday 17 January 2007 11:49, George Vanev wrote:
> >>>> Every time user X (for example) logs in the system I want to execute some script.
> >>>> The user must not have the permission to change this behavior.
> >>>> Also the script must be run as root.
> >>>> Something like crontab, but depending on logins, not time
> >>>>
> >>>> Any ideas?!
> >>> If this user logs in via SSH you can use the ForceCommand keyword in
> >>> sshd_config(5) to execute your script. The root part can be
> >>> achieved with  sudo(8) .
> >>>
> >>> Regards,
> >>> Pieter de Goeje
> >>>
> >>
> >> Thanks, nice idea. But it seems I can't use it.
> >> Let me be more specific:
> >> If user X logs in then I want to run "/usr/bin/script -aq /path/user_X"
> >> The file user_X must be protected from modifying/deleting
> >>
> >> Could this be done?!
> >>
> >> --
> >> George Vanev
> 	A simple technique is to have  /etc/profile  check for user  X  and for him
> source another file (containing the commands which  X  can't modify).  Have  root
> own this file and allow all others to only read and execute it.   sudo  is unnecessary.
> This is inelegant in that it has a general and widely used file look for special cases,
> but that is something that almost all programs do.  This inelegancy is present in other
> places in  UNIX .

FWIW if you're really feeling up to it you can simply craft your own 
shell for the user.  You can write a short C program that forks a 
process, and call execve() with your script in the child, and then 
execve() with their desired shell in the parent.

I'm probably mistaken about this, but I didn't think /etc/profile was 
necessarily executed should someone login via ssh.

-Damian