Re: Consent Banner

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There was a similar email a little while ago. Here are the most useful ideas (bottom is most recent in the response).


Well, you *could* do the "acceptance by logging in" thing... or you
can
force them to type [yes|no].  Here's how I accomplish that.

Firstly, thanks for the help.

I've done this on a test platform, and I end up with a dialog box when
I
log into the GUI, but hitting the cancel button still lets me in.

I DO NOT get a prompt when I ssh, nor do I get one from the text
console
or tty consoles (ctl+F1 through ctl+F6).

Any ideas on implement this in those circumstances?


Have you tried implementing this by replacing the user's shell (in
/etc/passwd or equivalent) with your own wrapper script?

Hmmm...replace bash (or leave bash alone and replace the login shell in /etc/passwd) with a script that calls bash if they say OK? No, I hadn't thought of that. I'll try it on my test platform, and report back. It
will
be interesting to see how Windows programs like putty and winscp handle
it.


We did a somewhat-similar task at a place where I used to work. We set everyone's login shell to a locally-written perl script. That perl script did things such as ensure that the user had permission to log in to the system (checking against user database), check the user's quota, print out a blurb, then exec( )'d tcsh. It needed some interupt handling, though, to fit what you want to do. I don't have the code anymore, but this might
give you an idea of what direction to go.  (Would you need to record
user's answers to your question in a database for future reference? This
might give you that ability.)

This worked with all of the SSH clients we had around (OpenSSH, Tectia,
TeraTerm, maybe PuTTY).




On Jul 24, 2008, at 1:52 PM, Paul Whitney wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello all,

I have created a consent banner and wrote a script that I want called after the banner has been displayed. The user is then forced to enter "y" or "n"
to the consent statement.

How do I invoke the script after the banner has been displayed?

For example, /etc/ssh/sshd.conf has /etc/banner defined. So when I ssh into the local box, I see the banner. I want to take it a step further and prompt
a yes or no answer.

I tried putting it in /etc/profile, that did not work because GDM could not
start. I tried /etc/bashrc, but that did not work well either.

Thanks in advance,

Paul W



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: US-ASCII

wsBVAwUBSIjrqbdVg+viRqgEAQjF8wf+IhLDqxSBArFqhhWijfrWYpvFTaVQUumW
aSINuJfzpCFswnw0UekOB6E2ZgQXC0G7ElaVZz2jFvI+250HLQHsLQ5czrHtk3I3
BT8cBosyD9KLON07fIREyPu7aqXweTxvIHTAx+EHBG2+8aKe2cdEtmAFtvNVgZiI
ucPP+RJk3R//MaLzwJR9+H/HB02chdiXyAplWrJhENDrq0uZz/J6sfe1IAeDIjrL
btNU5UQZ/y9++pOypX6dWvO0UHxy1T/+7q9j9DvOa1rcCUenxuahuEBXoDfRWOqI
oAnP4zrPijWq8tuEAIyhc0IU0l1J62hCTBvojfkz32HlzbOQjkY0Fw==
=0JEg
-----END PGP SIGNATURE-----

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux