This is a linux related problem. I have searched around but did not get a good explanation.
It seems to me that both file configure the setup when I log in, but is there any difference? I notice that there seems to be "some rule" in deciding what should go into two different files. For example, if I need to add a specific search path to $PATH, I should do it in ~/.bashrc. But if I decide to change some system setting, like
/sys/class/backlight
or
/sys/devices/cpu/cpu#/online
then I have to do this in /etc/rc.local, otherwise it will not work.
Is it because these configurations can not differ between users?
Thanks.
The difference is in when they are run and who they're running as when run i.e. rc.local is run on a change of run level and it runs as root. bashrc is bash specific and run on a non login shell as a particular user.
You can find a good explanation of rc.local here
The script /etc/rc.local is for use by the system administrator. It is
traditionally executed after all the normal system services are
started, at the end of the process of switching to a multiuser
runlevel. You might use it to start a custom service, for example a
server that's installed in /usr/local. Most installations don't need
/etc/rc.local, it's provided for the minority of cases where it's
needed.
and you can find what you need about bashrc
man bash
When an interactive shell that is not a login shell is started, bash
reads and executes commands from ~/.bashrc, if that
file exists. This may be inhibited by using the --norc option.
The --rcfile file option will force bash to read and
execute commands from file instead of ~/.bashrc.
There's more info on bashrc in this question...
https://superuser.com/questions/49289/what-is-the-bashrc-file
This question was asked by me a month ago, though later I realized that stack overflow is not the best site for this Linux question. Thanks for people who answered this question earlier, but I would like to add some more explanation here.
Basically there are (at least) three stages where a user may change system environment in Linux:
when the system boots; This stage is most appropriate if we fancy permanent system setting, and should be made via /etc/.... For example, in my original question, the backlight, as well as on-line/off-line management of some CPUs can be set in this way, and /etc/rc.local is the right shell script I should edit. By "permanent", it means that this update will affect all users using the system.
when a user logs in; This stage is most appropriate if a user only wants to change his personal Linux environment. Therefore, files under ~/ (or HOME) should be the right place to look for. For example, ~/.profile (historically referred to as ./bash_profile or ~/bash_login) is a shell script run at login time. ~/pam_environment is not a shell script, but useful for setting environmental variables (see Ubunte-official-wiki-environmental_variables for more information).
when a user starts a bash shell; This stage is more restricted, as it only has effects inside a bash shell (as well as its child processes), hence does not affect GUI environment. So if a user is doing most of his job from a shell, then this is an appropriate stage to go for. The shell script related to this stage is ~/.bashrc. For example, environmental variables PATH can be changed here.
Hopefully this summary is more intuitive than technical.
.bashrc runs for each bash session started (i.e. every time you open a shell). It sounds as though you're talking of .bashrc as if it were .bash_profile which is run once per login.
Depending on what kind of setup you're running the rc.local is a legacy construct but, traditionally it was run on the last run level during start up. You can see this link for other related posts talking about rc.local.
If you're on a system running systemd this is usually included by default in the systemd package systemd-backlight.service.
Related
Since I dont have root access, I cannot add the script to .profile.
I tried to use crontab to make it run every 10 secs. Even that is not allowed, since I am not root.
In executing the program in cron there is no need of root permission. Because
each and every user should have the separate cron entry. So you can do that using cron.
Your ~/.profile should be under your control, as should your own crontab. That is, unless your sysadmin has gone out of her way to prevent users from manipulating these. In which case, you will just need to talk to them.
If your ~/.profile is not loading you may want to try ~/.kshrc if you are using Korn Shell as your user's shell. Or if it's bash you can use ~/.bashrc or ~/.bash_profile (this is most common on linux).
I am trying to log the applications that a user opens/closes in the Linux (any distro) OS. Is there a way to execute a script (Java,Python,etc) everytime an application (like firefox,etc) is opened and closed?
As a general feature -- no.
The execution of a script to log the execution, would in itself be a program execution which would require logging, and hence you would have a recursive problem.
However, if you want to log specific programs, you can implement a shell script which replaces the executable for those specific programs (firefox, python etc), and then within that shell script you could log the execution before calling the actual program.
However
The user would still be able to call the original program without the logging if they know the path.
The new scripts would be a security issue (making the system less secure) and hence would not be recommended.
So in short, a bad idea.
This is not a programming question, but still.
You can actually do this. See https://superuser.com/questions/222912/how-can-i-log-all-process-launches-in-linux
There are many answers. For example, you could use auditd.
I am trying to write a shell script to mount loop device, and I am assigning this script with a sticky bit to execute as uid(root).(this is for other users on server) The problem is I can't seem to run 'mount' command without using sudo in front of it. When I am in root account, I can run 'mount' command without any issue, so I thought by setting script with rws-r_x-r_x would do it.
Am I misunderstanding the concept of using sticky bit? or is there any other way?
The server is running under Ubuntu 10.04
You mean the setuid bit, not the sticky one. The kernel doesn't honor the setuid bit on scripts. See this post for a thorough description, here's a summary: the gist is that suid on a script is insecure.* The kernel starts reading the script to execute it, but it sees the #!/path/to/interpreter and figures out that it needs to be interpreted. It then cancels "executing" the script directly and calls the specified interpreter, passing the script name as the first argument (and all subsequent arguments in order after that). The reason setting UID is insecure in this instance is that an attacker could potentially change the script to be executed between the kernel setting the new UID and the interpreter reading the file.
*: The other post mentioned that perl handles its scripts in such a way that they can be suid.
As for the actual mounting problem at hand, add a line to /etc/fstab/ and include the user option.
I have a question closely related to this thread:
Best practice to run Linux service as a different user
but I need the solution to work in "every" Linux distribution.
I would like to run a program as a non root user from a script. This way, when init.d starts up the services at boot time as root, the script launches the process as the non-root user I specify. Of course the solution shouldn't prompt for a password.
I think this is the normal/correct procedure when deploying applications.
How could I do that?
Thanks a lot
A good way would be to drop privileges from your actual program. Then just pass that user as a parameter. Inside you can handle it in a very standard way (setuid())
Otherwise su -c 'your command' different_user will work just fine on any linux. (as long as different_user exists)
There are two ways:
sudo command - you need to add the original user to /etc/sudoers with such entry that the program can be run without (NOPASSWD)
seteuid() system call (if you can modify the program)
If you are root, you can also use su (see #cnicutar's answer for details)
On linux(eg. centos), if I need to run some start-up script, what are the various start-up places to call the script and what is each one's convention?
Vixie cron(8) lets you use the #reboot specifier to run programs at startup. This can be in your /etc/crontab or any user's personal crontab(5) file. I wouldn't recommend programmatic use of these files, leave them for the admins. (Though giving commands for admins to copy-and-paste into their crontab(5) is probably friendly.)
You can place startup scripts in the standard SysV init /etc/init.d/ directory and create the matching symbolic links into /etc/rc*.d directories. I imagine init(8) has details on the scheme in place.
There is often an /etc/rc.local file or similar file available for system administrators to configure. I wouldn't recommend programmatic use of this file, leave it for the admins.
Depending upon how far along Centos is in converting to using upstart, you can place job specifications into /etc/init. These look much easier to write than initscripts, but they are sadly very underdocumented at the moment.
.bashrc and /etc/profile, etc., is a complete red herring. Any shell startup scripts are for system administrator configuration or user configuration. Programmers should stay away.