Execute a script as root when non root user logs in
I've seen this question asked before here and here but they're pretty old and I haven't been able to get any solution to work.
Basically I need to run a script or command automatically as root each time a non root user SSH's into the server. Server is running Ubuntu 16.04 and using OpenSSH if that makes a difference.
EDIT:
To be more specific, I want to kill a process that was created by user A when user B logs in. My roommates and I mine crypto on my headless gaming server and I'd like to be able to run pkill miner.sh automatically when someone logs in, regardless of who started it. Since it would be insanely insecure to let users kill each others' processes, it seems that this is more difficult than expected.
linux ubuntu ssh sudo root
edited Aug 28 at 1:21
asked Aug 18 at 15:13
jamzsabb
pam_exec mentioned in the second question is also what I'd try. Needs a bit of reading up on PAM.
– dirkt
Aug 18 at 15:54
@dirkt Yea I saw that but I got permission errors when I tried it. I'll look more into it; I really don't know PAM, so that could be the issue.
– jamzsabb
Aug 18 at 17:06
You may get a better answer if you explain what you actually want done at login (there may be a better way than executing a script as root).
– Omnipresence
Aug 20 at 14:48
2 Answers
pam_exec has you pointed in the right direction, but setuid is bad advice; most (all?) modern Linuxes ignore it on shell scripts and only respect it on binary executable files.
Would it be a problem if the script was executed (as root) at times other than login?
If it's ok for it to run more often than strictly required, you could create a wrapper script that's executed at every ssh login with user permissions which uses sudo (with no password) to execute your script as root.
This, however, means that the users could also run it manually (as root) as often as they wanted to.
To set this up, add this line to /etc/pam.d/sshd
    account optional pam_exec.so /etc/pam.d/LoginWrapper.sh
Then create the file /etc/pam.d/LoginWrapper.sh with contents:
    #!/bin/bash
    if [[ $EUID -ne 0 ]]; then # Execute only when a user other than root logs in
        /usr/bin/sudo /path/to/your/root_script.sh
    fi
Note that if your sudo is in a different path, you should update it above.
Now in /etc/sudoers add the line:
    ALL ALL=(root) NOPASSWD: /path/to/your/root_script.sh
answered Aug 20 at 14:48
Omnipresence
Thanks for the help @Omnipresence but I still get
    pkill: killing pid 2629 failed: Operation not permitted
when I try to run it. My root_script.sh is basically just pkill miner.sh
– jamzsabb
Aug 28 at 1:23
I updated my question with more info. I'm not really set on doing this any particular way; it's just a simple thing that I wanted to do for convenience that has caused me to dig a lot deeper into Linux user permissions. At this point I want to do it just to prove it can be done!
– jamzsabb
Aug 28 at 11:58
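Added example, not part of the answer or comments above: pam_exec runs its command with the real UID of the calling process (root for sshd) and exports PAM_USER and PAM_TYPE, so a root-owned hook on a session line can act on the login without sudo or setuid. The hook path, the PAM line in the comment and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical hook: /usr/local/sbin/login-hook.sh, owned by root, mode 0755.
# Enabled with a line in /etc/pam.d/sshd such as (assumed, adjust to taste):
#   session optional pam_exec.so /usr/local/sbin/login-hook.sh
# A session line fires on both login and logout, so PAM_TYPE must be checked.

TARGET_NAME='miner\.sh'   # regex matched against the process name, as in the question

# Return 0 only when a session is being opened for a non-root user.
should_stop() {
    pam_type=$1
    pam_user=$2
    [ "$pam_type" = "open_session" ] || return 1
    [ -n "$pam_user" ] || return 1
    [ "$pam_user" != "root" ] || return 1
    return 0
}

# Send SIGTERM to processes whose name matches exactly.
# pkill exits 1 when nothing matched; that is not an error for this hook.
stop_target() {
    pkill -TERM -x "$1"
    rc=$?
    [ "$rc" -le 1 ]
}

hook_main() {
    if should_stop "${PAM_TYPE:-}" "${PAM_USER:-}"; then
        stop_target "$TARGET_NAME"
        logger -t login-hook "session opened for ${PAM_USER}; stop requested" 2>/dev/null
    fi
    # Always succeed so a hook problem never interferes with the login itself.
    return 0
}

hook_main
```

Run by hand without PAM_TYPE set, the script does nothing, which makes it safe to syntax-check before wiring it into PAM.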
accepted
Solved this by adding all users to a group called mygroup
    sudo groupadd mygroup
    sudo usermod -aG mygroup user1
    sudo usermod -aG mygroup user2
Then modifying /etc/sudoers to allow this group to execute sudo pkill without a password by adding the following to sudoers
    %mygroup ALL=(ALL) NOPASSWD: /usr/bin/pkill
Then I just added the command sudo pkill to the bottom of /etc/profile and it worked a charm.
edited Sep 20 at 13:27
answered Sep 19 at 16:46
jamzsabb
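Added example, not part of either answer: in sudoers a bare command path permits any arguments and (ALL) permits any target user, so the rules above grant more than the one pkill call. This simplified checker (one rule per line, one command after NOPASSWD:) flags that on both rules from this page and on a constructed tighter rule; the finding names and the third rule are assumptions.

```shell
#!/bin/sh
# Print space-separated findings for one sudoers rule; print nothing if none.
audit_rule() {
    rule=$1
    findings=""
    case $rule in
        *NOPASSWD:*) ;;
        *) return 0 ;;                      # password still required: not checked here
    esac

    who=${rule%% *}                         # first field: user, %group or ALL
    case $rule in
        *\(*\)*) runas=${rule#*\(}; runas=${runas%%\)*} ;;
        *)       runas=root ;;              # sudoers default when no runas is given
    esac
    cmd=${rule#*NOPASSWD:}
    cmd=${cmd#"${cmd%%[! ]*}"}              # strip leading spaces

    [ "$who" = "ALL" ] && findings="$findings any-user"
    case $runas in *ALL*) findings="$findings runas-any" ;; esac
    case $cmd in
        ALL)   findings="$findings any-command" ;;
        *" "*) ;;                           # arguments are pinned in the rule
        *)     findings="$findings any-args" ;;
    esac
    echo "${findings# }"
}

# Two rules quoted from this page, then a constructed rule with pinned arguments.
audit_samples() {
    while IFS= read -r line; do
        out=$(audit_rule "$line")
        printf '%s\n    -> %s\n' "$line" "${out:-ok}"
    done <<'EOF'
ALL ALL=(root) NOPASSWD: /path/to/your/root_script.sh
%mygroup ALL=(ALL) NOPASSWD: /usr/bin/pkill
%mygroup ALL=(root) NOPASSWD: /usr/bin/pkill -TERM -x miner.sh
EOF
}

audit_samples
```

With the third rule, the login command has to be typed exactly as written in sudoers (sudo /usr/bin/pkill -TERM -x miner.sh); any other arguments are refused.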