Special tasks at login [was Re: Automatic login script execution]

Wed Apr 11 15:07:39 AEST 1990

THE FOLLOWING CONTAINS A REASONABLY TIDY, BUT TOTALLY UNSUPPORTED HACK TO
THE SYSTEM LOGIN COMMAND.  SINCE NO SYSTEM'S CONFIGURATION CAN BE FULLY
ANTICIPATED, NOTE THAT EVEN DOING THE BELOW CORRECTLY MAY DISABLE ALL
LOGINS TO YOUR SYSTEM, OR WORSE.  IT MIGHT BE GOOD TO HAVE INSTALLATION TAPES
ON HAND WHILE EXPERIMENTING...

schriste at uceng.UC.EDU (Steven V. Christensen) writes:
>  Can anyone point me to a login.c replacement ...
when looking for a way to have a notice, etc., read by all users.

Steve and several of those replying immediately began discussing
/etc/motd, ~/.cshrc, /etc/cshrc, ~/.profile, etc.

None of these remotely answer the problem.  A user can turn off /etc/motd
viewing for him/herself with ~/.hushlogin, and the various startup scripts only
apply to their specific interpreters, most of which have a different syntax.
(Do *you* know the command syntax for the "ish" shell?  No, I don't either...)

What is needed is a way to specify a *program* for login to run as each user
logs in.  Currently on /usr/ucb/quota appears to be used this way.  So...
backup your login program and do the following (after backup it up):

(Have you backed up your login first?)

Whip out your GNUEmacs or other binary-capable editor;  note that this
generally does *not* include VI.

Load in the login program *executable* for editing.

Notice the /usr/ucb/quota string with the binary.  This string is the
argument to a call to run another program.

Warnings:  Do NOT alter the length of the binary.
           Do NOT try to replace /usr/ucb/quota with a longer pathname.
           Do NOT put in a path to a script, it would be *very* insecure.

Replace the existing path with the new path of the same length or less, padding
any leftover space with zeros.  Be very careful to exactly match the length
of the original path with the sum of the new pathlength and trailing zeros.

A program path like /usr/etc/logex might be appropriate (this assumes that
the path /usr/ucb/quota was actually used on your system;  BE WARNED).

The resulting file, once saved, will contain a hook which can be filled with
virtually any utility.  Examples:

	A program putting up a banner from a network-wide file, in addition to
	the local /etc/motd (Steve's problem).

	A program performing additional accounting or administrative tasks.

	A program to notify an administrator in real time of the login, or other
	security-related job.

Additional check:  compare the sizes of the original and new login executables
with "wc" or equivalent.  They must be equal.

Be particularly careful of creating new security holes. as login is usually
set-UID root.  Thus no user should be able to effect the added program's
activity.

------

It would have been nice if login read a file on startup for additional
administrative programs to run, instead of hard-wiring /usr/ucb/quotas.

Good luck.  Don't screw up and lock yourself out of your system.  Remember
you can test the new one by executing it by ./login or the equivalent (csh
traps the simple token "login". and performs an exec.)  Don't install it
carelessly.

------------------------------------/\----------------------------------------
Seo:  Harp[@Mcc.Com]               /  \/\ ^*^           Christopher North-Keys
Tha mi gu trang a'cluich.         /    \ \         Assoc. Systems Analyst, MCC
--------------------------------(disclaimer)----------------------------------