Date: Sat, 14 Mar 2009 02:18:27 +0100
From: Polytropon
To: Steve Bertrand
Cc: freebsd-questions@freebsd.org
Subject: Re: Execute and lock a user into a program upon login

On Fri, 13 Mar 2009 21:12:07 -0400, Steve Bertrand wrote:
> Steve Bertrand wrote:
> > Hi everyone,
> >
> > Although the application of my question focuses on network operation, I
> > believe that the objective fits this list.
> >
> > Mostly irrelevant, I have been working on securing my network perimeter.
> > I have a FreeBSD box that acts as a host-based BGP peer to all edge
> > connected routers.
> >
> > I use this host-based Quagga FBSD router to distribute routes that are
> > to be blackholed by the edge devices.
> >
> > What I want is to set up an environment so that when a specific user
> > logs in to the box via SSH, a command is run, and they immediately get
> > dropped into the environment that the command produces.
> >
> > When they exit this 'command', the login session is dropped.
> >
> > Essentially, I want to 'lock' a user into a program upon SSH login, and
> > drop them from the SSH session when the program terminates.
> >
> > In essence:
> >
> > - user 'router' connects via SSH
> > - user is dropped into the application 'vtysh'
> > - user performs operations
> > - user exits from program
> > - shell drops (i.e. user does not have to exit the csh shell to drop the
> >   SSH connection)
>
> I probably should have explicitly stated that I'd like help as to how I
> would go about doing what I want to do, instead of simply stating my
> goals ;)

If the user's shell is csh (FreeBSD's standard dialog shell),
you could achieve the goal:

	~/.login
		vtysh
		logout

Only problem: I don't know how the shell will act when the user
terminates the vtysh application (^C)...

Idea: When the application vtysh is terminated, the next command
in the .login file will be executed, which is the logout command
that will cause the login shell to exit. This will close the SSH
connection as well. (I haven't checked this, sorry.)

-- 
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
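
One way to handle the ^C question raised in the reply above, as an added example that is not part of the original message: a POSIX sh wrapper that runs the program in the foreground, survives keyboard signals itself, and always ends the session with the program's exit status. The function name `run_locked` and the `--session` flag are hypothetical, and the wrapper is assumed to be started in place of an interactive shell.

```shell
#!/bin/sh
# Added example (constructed): session wrapper for a single-program login.
# run_locked and the --session flag are hypothetical names.

run_locked() {
    # Catch, rather than ignore, the keyboard interrupt signals. A caught
    # signal is reset to its default in the child, so the program still sees
    # ^C as usual, while this wrapper survives it and carries on to exit.
    trap ':' INT QUIT
    # Ignore terminal stop (^Z). Ignored signals stay ignored in the child,
    # so the program cannot be suspended unless it re-enables SIGTSTP itself.
    trap '' TSTP

    "$@"                # run the program in the foreground
    status=$?           # 128+N if it was killed by signal N
    return "$status"
}

# Entry point: "<script> --session vtysh" runs vtysh, then ends the
# session with its exit status. Nothing after the program is reachable.
if [ "${1:-}" = "--session" ]; then
    shift
    [ "$#" -gt 0 ] || { echo "usage: $0 --session program [args]" >&2; exit 64; }
    run_locked "$@"
    exit $?
fi
```

csh reads ~/.login only when started as a login shell, so a wrapper called from there applies to interactive logins only.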