Link and Unlink VnmrX experiments
DISCLAIMER: These scripts and procedures are working on a system running VnmrX 5.3B and Solaris 2.4. By understanding the basic procedures involved, it should be possible to make it work under other configurations. --- Your mileage may vary!! ----
This script is used to link experiments 8 and 9 on a large disk to exp8 and exp9 in a user's vnmrsys subdirectory. On our system, the large (9G) disk is mounted on /bigexp and two experiments, exp8 and exp9, were defined there. The protocol used here links these experiments to a user's directory when he logs in and unlinks them when he logs out, so that they are available for the next user. In order for this to apply only to console logins, the script is called from the bootup macro within an if statement that examines the login terminal to determine whether this should be a spectrometer or a workstation login. The experiments are linked only in the spectrometer mode. This is the makelink script for creating the links:
#! /bin/sh
# makelink
# make links to experiment 8 and experiment 9 on 9G drive.
#
# Find the previous owner of the big experiments and that user's home directory.
olduid=`ls -lnd /bigexp/exp9 | awk '{print $3}'`
oldinfo=`nisgrep uid=$olduid passwd.org_dir`
# echo "Current owner: $olduid"
# echo " passwd info: $oldinfo"
oldhome=`echo "$oldinfo" | awk 'BEGIN {FS=":"} {print $6}'`
olduser=`echo "$oldinfo" | awk 'BEGIN {FS=":"} {print $1}'`
# echo "Old home: $oldhome"
# Remove links left behind by the previous user. Skip this step if the
# directory cannot be entered, so that rm never runs in the wrong place.
if [ -n "$oldhome" ] && cd "${oldhome}/vnmrsys"; then
  if [ -h exp8 ]; then
    echo "Removed exp8 link from $olduser."
    rm exp8
  fi
  if [ -h exp9 ]; then
    echo "Removed exp9 link from $olduser."
    rm exp9
  fi
fi
# Link the big experiments into the current user's vnmrsys directory.
cd "$vnmruser" || exit 1
if [ -d exp8 ]; then
  echo "Experiment 8 exists, cannot link to big experiment 8"
else
  ln -s /bigexp/exp8 exp8
  /vnmr/bin/vchown "$USER" exp8
fi
if [ -d exp9 ]; then
  echo "Experiment 9 exists, cannot link to big experiment 9"
else
  ln -s /bigexp/exp9 exp9
  /vnmr/bin/vchown "$USER" exp9
fi
Notice the calls in this script to /vnmr/bin/vchown. This is a special version of the chown (change owner) command. Normally, chown is run by root and cannot be run by regular users. The vchown script simply runs chown by way of the SUID bit in its permission modes, together with a special directive at the beginning that permits csh to run a SUID script. Solaris normally prohibits scripts from using the SUID function, and a csh script with the -b option is the only exception. This script must be stored with the SUID bit set: chmod 4711 vchown. This type of script also represents a potential security problem, since anyone could use it to change the ownership of any of the system files and effectively gain access to root-owned files. In order to minimize the damage that might be done, the /bigexp/ portion of the chown command arguments is included in the vchown script, rather than in the makelink script, so that it will only change ownerships in the /bigexp directory. This is the vchown script:
#! /bin/csh -b
/usr/bin/chown -R $1 /bigexp/$2
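The /bigexp/ prefix confines the helper only if the second argument cannot contain "/" or ".." and the target is not a symbolic link. The checks below are an added example, not the script from this page: they allow-list exp8 and exp9 and validate the user name before chown is called. BIGEXP, check_vchown_args and safe_vchown are hypothetical names.

```shell
#!/bin/sh
# Added example: argument checks for a vchown-style helper.
# BIGEXP, check_vchown_args and safe_vchown are hypothetical names.
BIGEXP=${BIGEXP:-/bigexp}

# check_vchown_args USER NAME
# Returns 0 only when NAME is one of the shared experiments, USER looks
# like a plain login name, and the target is a real directory.
check_vchown_args() {
    [ $# -eq 2 ] || return 2
    user=$1
    name=$2
    # Allow-list the target instead of trusting the /bigexp/ prefix:
    # a NAME containing "/" or ".." never matches.
    case $name in
        exp8|exp9) ;;
        *) return 3 ;;
    esac
    # Reject empty names, a leading "-" (read by chown as an option)
    # and any character outside letters, digits, "_" and "-".
    case $user in
        ''|-*|*[!A-Za-z0-9_-]*) return 4 ;;
    esac
    target=$BIGEXP/$name
    # A symbolic link in place of the experiment would redirect chown -R.
    if [ -h "$target" ]; then return 5; fi
    [ -d "$target" ] || return 6
    return 0
}

# safe_vchown USER NAME: change ownership only after every check passes.
safe_vchown() {
    check_vchown_args "$@" || {
        rc=$?
        echo "vchown: refused (code $rc)" >&2
        return $rc
    }
    # -h changes a symbolic link itself rather than the file it points to.
    /usr/bin/chown -R -h "$1" "$BIGEXP/$2"
}
```

These checks cover the arguments only; the restrictions on SUID scripts described above still decide how such a helper can be run with privilege.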
The script necessary to unlink the experiments is much simpler, and is run every time a user logs out by incorporating it in the exit macro. If the experiments were never linked, then they won't be unlinked and there is no particular problem. Note that the makelink script includes provision for unlinking experiments that were accidentally left linked. This prevents simultaneous access to the experiments by more than one process. This is the script to unlink the experiments:
#! /bin/sh
#
# Unlink exp8 and exp9 from current user.
#
# DISPLAY is quoted so the test does not fail when the variable is unset.
if [ "$DISPLAY" = ":0" ]; then   # this is system console
  cd "$vnmruser" || exit 1
  if [ -h exp8 ]; then
    rm exp8
    echo "Unlinked Experiment 8."
  fi
  if [ -h exp9 ]; then
    rm exp9
    echo "Unlinked Experiment 9."
  fi
fi
The extra test in this script, examining the state of the DISPLAY environment variable, is necessary only if a user logs in on the console to collect data and then remotely to examine data. When he logs out from the remote session, the experiments should not be unlinked. That should happen only when he logs out from the console session. Experiments are only linked when the login is on the console, so they should likewise be unlinked only when logging off of the console.
The other bit of code that may be useful is the section of the bootup macro that runs the makelink script. This is inserted at the end of the normal bootup macro:
if ($bg = 0) then
  jexp:$e
  if ($e=0) then unlock(1) endif
  shell('/usr/ucb/whoami'):$me
  shell('con_usr'):$con
  if ($me <> $con) then
    system='datastation'
  else
    system='spectrometer'
    acqstat
    acqi:$e
    shell('/vnmr/bin/makelink')
  endif
  menu('main')
endif
The test here compares the current user login name to the name of any user logged in on the console. If they are the same, then the user is given spectrometer privileges since he is already logged in on the system console. Otherwise, if no one is logged in on the console, or if the names don't match, the user is given datastation privileges only. The short con_usr script, to determine the console user, is:
#! /bin/sh
# Print the login name of the user on the console, or null_user if none.
con=`w | awk '$2 ~ /console/ {print $1}'`
if [ "x$con" = "x" ]
then
  con="null_user"
fi
echo $con
This script returns null_user as the login user if no one is logged in on the console rather than attempting to return a null string. Most systems will probably not have a user named null_user ;-).