I have a Debian system. When a user tries to log in, a PAM module executes a bash script as root.
I need this script to know who is trying to log in.
But the user isn't connected yet, so basic commands such as users/w/who ... don't work here.
So is there a possibility to retrieve the username of a user trying to log in?
Thank you.
Cyrbil
You can also use /etc/profile or /etc/bashrc to grab the user logging in, I typically have a small script that gets executed via /etc/bashrc that gives me details about the user (who it is, connecting from what IP address etc).
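For the pam_exec case in the question: pam_exec exports the PAM items to the script as environment variables (PAM_USER, PAM_RHOST, PAM_SERVICE, PAM_TTY, PAM_TYPE), so the name being tried is available before any session exists. The script below is an added example, not part of the original posts; the script path, log path and function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed PAM configuration line that would run it:
#   auth optional pam_exec.so /usr/local/sbin/pam-login-audit.sh
# pam_exec sets PAM_USER, PAM_RHOST, PAM_SERVICE, PAM_TTY and PAM_TYPE.

# PAM_USER is whatever the client typed: it may not be a real account and
# may contain newlines or control bytes. Reduce every value to a bounded,
# safe token so a crafted name cannot forge extra log lines.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._@:/-' '?' | cut -c1-64
}

# Sanitized value, or "-" when the item is unset or empty.
field() {
    v=$(sanitize "$1")
    if [ -n "$v" ]; then printf '%s' "$v"; else printf '%s' '-'; fi
}

# Arguments: type service user rhost tty
format_entry() {
    printf 'type=%s service=%s user=%s rhost=%s tty=%s' \
        "$(field "$1")" "$(field "$2")" "$(field "$3")" \
        "$(field "$4")" "$(field "$5")"
}

audit_login() {
    entry=$(format_entry "${PAM_TYPE:-}" "${PAM_SERVICE:-}" \
        "${PAM_USER:-}" "${PAM_RHOST:-}" "${PAM_TTY:-}")
    umask 077   # the log is created readable by root only
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$entry" \
        >> "${AUDIT_LOG:-/var/log/pam-login-audit.log}"   # assumed path
}

# Write an entry only when started by pam_exec (PAM_TYPE is set).
if [ -n "${PAM_TYPE:-}" ]; then
    audit_login
fi
```

Because the script runs as root on input the client controls, the values are only ever passed as quoted arguments and never evaluated.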
Related
I got an idea to use the user's password and a local key to decrypt a dm-crypt partition with the user's home directory (and to mount it as a home).
But here is a problem: how can I get such script to be executed? It should be executed after successful authorization but before actual login, and it should have access to freshly inputted password.
Does someone know where to put such script?
This is a pretty common problem with a simple solution -- you use a PAM module.
Here is one example:
https://wiki.archlinux.org/index.php/Dm-crypt/Mounting_at_login
I want to save the user's IP when he connects to its home folder. This is because I'm a user on a server where my team has a folder where our public_html is located, but we use the same account, so I just want to register who connected.
So I want to make a script that triggers when a connection is made and saves the user's IP into a hidden file.
But I don't know if I could leave a script running in the background to do it, and how?
If you're root on that machine, you can simply check the auth log / messages / journal / ... (depends on the distribution). By default sshd logs all you need already.
If you're not root, then you'll have to keep in mind this will never be secure. You can do this in the user's bash profile, but:
Since it's running as the same user, whoever logs in can just change the file (you can't hide it)
Anyone can work around the script by executing some other command instead of the shell (for example ssh user@host /some/command will not be logged)
It's not secret.
If that's ok with you, then you just need to add this to bashrc
echo "new connection at $(date) from ${SSH_CLIENT}" >> ~/your_connection_log
Different solution, which should've been the default actually. Most distributions provide login history which you can request for your account without root privileges.
Running last your_username should give you the details of last few logins which cannot be manipulated by the user. (the log can possibly be spammed with entries however)
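What the root-side check of the sshd log can look like, as an added example that is not part of the original answer: sshd's "Accepted ..." lines carry the account, the source IP, the method and, for public-key logins, the key fingerprint, which helps tell people apart on a shared account. The log lines, host name and fingerprints are constructed; the function names are assumptions.

```shell
#!/bin/sh
# Added example. On a real system the input would be the auth log or
# journal, whose location depends on the distribution.

# Constructed sample in syslog format.
sample_log() {
    cat <<'EOF'
Mar  3 09:14:02 web01 sshd[2211]: Accepted publickey for team from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:CONSTRUCTED-KEY-A
Mar  3 09:20:41 web01 sshd[2240]: Failed password for team from 198.51.100.9 port 40022 ssh2
Mar  3 10:02:17 web01 sshd[2301]: Accepted password for team from 198.51.100.23 port 40110 ssh2
Mar  3 10:05:00 web01 sshd[2310]: Accepted publickey for deploy from 203.0.113.5 port 51300 ssh2: ED25519 SHA256:CONSTRUCTED-KEY-B
Mar  3 11:30:09 web01 sshd[2399]: Accepted publickey for team from 203.0.113.5 port 51400 ssh2: ED25519 SHA256:CONSTRUCTED-KEY-A
EOF
}

# accepted_logins ACCOUNT: reads log lines on stdin and prints
# "month day time ip method fingerprint" per successful login.
accepted_logins() {
    awk -v acct="$1" '
        # "Accepted" must directly follow the sshd[pid]: tag, so text a
        # client puts in a user name cannot imitate a success line.
        / sshd[^ ]*\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "Accepted") break
            # Accepted METHOD for USER from IP port N ssh2[: TYPE FINGERPRINT]
            if ($(i+2) != "for" || $(i+4) != "from" || $(i+3) != acct) next
            key = (i + 10 <= NF) ? $(i+10) : "-"
            printf "%s %s %s %s %s %s\n", $1, $2, $3, $(i+5), $(i+1), key
        }'
}

# login_sources ACCOUNT: login count per (ip, fingerprint), busiest first.
login_sources() {
    accepted_logins "$1" |
        awk '{ n[$4 " " $6]++ } END { for (k in n) print n[k], k }' |
        sort -rn
}

sample_log | login_sources team
```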
Every time I try to get access to the web interface via http://domain.com/admin/liste a Login Console pops up; it requires a Username and a Password. What is that Username (and PW)?
I don't know why you would see a username field. It should only ask you for a list password. The list password can be changed in the Linux terminal using the change_pw command, and the site-wide password can be set using the mmsitepass command.
List of mailman terminal commands:
http://www.gnu.org/software/mailman/site.html
Maybe you can tell us what system you are using.
I need to create a new user in Ubuntu, making the user's shell execute a specific command every time the user logs in. Thanks in advance.
You make a new user on Linux with useradd.
You can see all the options by typing man useradd
If you want them to have a program run every time put the command in their .bashrc file.
If you want this for all new accounts on this machine you can adjust (or create):
/etc/default/useradd
Default values for account creation.
Also, if /usr/local/sbin/adduser.local exists, it is executed after the user account creation, to do any local setup. The arguments passed to adduser.local are:
username uid gid home-directory
If you need the command to be executed for every user add it to /etc/bash.bashrc.local
I have written a simple application to authenticate user using PAM the common way: pam_start(), pam_authenticate() + my own conversation function + pam_end().
If the application is run under the user whose credentials are being checked, authentication succeeds. Otherwise, if the application is run from user A to check the credentials of user B, the authentication fails.
My question: why? As a service name passed to pam_start() I have tried also login as well as passwd. Nothing has changed. Which direction to go to debug the problem? Or possibly I should use another pam service to perform the task?
p.s. user 'A' in the second case is a user with no password and /bin/false shell.
How are you checking the "credentials"? Is it some file being read? Can user A read that file?
Service name passed to pam_start does not affect what the process can do. Note that programs that need to do similar things, like su or passwd are actually setuid programs.
Also, watch out not to create security holes in your application/module by allowing user A to impersonate user B.
User A might not have the permission to read the password file /etc/shadow. This is one reason why credential checking programs usually require root privileges.
So: Does it work for user A and user B if you execute the program with root privileges / as the root user?