2

Let's say I have a Linux OS without a desktop environment. After the PC finishes booting up, it will directly show the shell terminal to the user.

I plan to write a shell script program and make it start automatically every time the PC finishes booting up, so that, instead of seeing a normal shell prompt, the user will see my shell script program after the PC finishes booting up.

In the shell script program, I will give the user a list of options to configure something on my PC. And I want the shell script program to run continuously on this PC.

I would like to lock the user in the shell script program so that they cannot escape to the normal shell prompt and access the file system. Only an administrator with the root password can escape to the normal shell prompt and make changes to the PC.

Can anyone give me some advice on how I can do this?

Thanks.

  • While you discuss wanting to write a script, your question is one of configuration: the choice of login shells, establishing chroot jails and so on. As such I'd go with Server Fault, though Super User runs a close second. – dmckee --- ex-moderator kitten Sep 04 '10 at 02:28

4 Answers

3

Make your autologin user's login shell be rbash, and make the script the only thing they can run. Even if they escape the script, they won't be able to do anything except log out or start the script again.

Chris
1

Add a call to your script in /etc/rc.local, which is run after the system services in /etc/init.d/ have all started and right before the login prompt is displayed. The script will be running as root but without a logged-in user, so you can control exactly what happens at that point. As long as your script doesn't exit, the user will be unable to log in and access a shell.

John Kugelman
1

getty is the program that handles a terminal. If you tell it to run something other than the shell like

getty -l my-sandbox-program-that-is-not-as-powerful-as-the-shell

you have much greater control over what the user can do.

msw
0

You can also add a trap to catch CTRL-C in your bash script. That way you can lock people from exiting it (also worth catching CTRL-Z).

http://hacktux.com/bash/control/c

abutbul
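
As an added example (not code from any of the answers above), here is a small menu loop that uses the signal trap suggested in the last answer, survives Ctrl-D, and only ever compares user input against fixed literals. The menu entries, action names and the `run` argument are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original answers): a kiosk-style menu loop.
# Menu entries and action names are hypothetical placeholders.

# Ignore the keyboard signals: Ctrl-C (INT), Ctrl-Z (TSTP), Ctrl-\ (QUIT).
# An ignored signal stays ignored in child processes started by the script.
lock_signals() {
    trap '' INT TSTP QUIT
}

# Map a menu choice to a fixed action name. Input is only compared against
# literals; it is never eval'd or spliced into a command line.
dispatch() {
    case "$1" in
        1) echo "show-network" ;;
        2) echo "set-timezone" ;;
        3) echo "reboot" ;;
        *) return 1 ;;
    esac
}

menu_loop() {
    lock_signals
    while true; do
        printf '1) Show network\n2) Set timezone\n3) Reboot\nChoice: '
        if ! IFS= read -r choice; then
            # Ctrl-D (EOF): stay in the loop instead of falling out to a shell.
            echo; sleep 1; continue
        fi
        if action=$(dispatch "$choice"); then
            echo "Selected: $action"   # call the real configuration step here
        else
            echo "Unknown option"
        fi
    done
}

# Start the menu only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    menu_loop
fi
```

The traps only stop keyboard signals; the rbash and `getty -l` setups from the other answers are what decide where the user lands if the script ever exits.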