users accounts that don't save data

der.hans PLUGd at LuftHans.com
Wed Mar 21 01:55:56 MST 2007 

Am 20. Mar, 2007 schwätzte Craig White so:

> On Tue, 2007-03-20 at 09:05 -0700, Nathan Aubrey wrote:
>> On Tuesday 20 March 2007, you wrote:
>>> ---- Nathan Aubrey <nathan at paysonlinux.org> wrote:
>>>> On Monday 19 March 2007, Craig White wrote:
>>>>> looking for a way to have user accounts (local or ldap) whose data is
>>>>> erased (not saved) upon logout.
>>>>>
>>>>> Are there any methods that can accomplish this?
>>>>
>>>> Make sure you have it setup to create their account with pam on login,
>>>> then when logging out edit the .bash_logout file to delete their homedir.
>>>> When they login again, it will be re-created. Make sure everything they
>>>> need to login is ready in the /etc/skel file, including the correct
>>>> .bash_logout file
>>>
>>> you know I thought something like this would work, but after looking at the
>>> bash man page for a while, I'm not sure.
>>>
>>> 1) you would have to make certain when you create the directory that you
>>> create a .bash_logout that is owned by root, and that the perms don't allow
>>> any other user to edit .bash_logout.
>>>
>>> 2) also, can you delete a parent directory while reading a file in it? that
>>> would be the case if you are executing .bash_logout while trying to delete
>>> its parent directory.
>>>
>>> Jerry
>>>
>>
>> If the .bash_logout script calls an external script, say
>>
>> /usr/bin/remove_user $user
>>
>> Setup the pammkdir to create the users directory with permissions so a user
>> can delete his own home folder, then make the /usr/bin/remove_user script do
>> a simple check to verify the user requesting the deletion is the same as the
>> one who owns the folder.
>>
>> it should be pretty simple to setup.
> ----
> thanks to all - interestingly everyone seemed to point to .bash_logout
> and deleting the users' $HOME

If the user can adjust .bash_logout ( and maybe $HOME ), then you can't
count on it.

$ bash -l
$ exit
logout
fred
$ bash -l
$ export HOME=/tmp
$home/lufthans$ exit
logout
$ cat .bash_logout 
echo fred
sleep 2

        /etc/bash_logout
               The systemwide login shell cleanup file, executed when  a
login
               shell exits

Maybe that would work.

> I was hoping to do something more like a Windows 'Mandatory' profile
> which is a pre-configured profile but locked though I presume that I
> could just keep a copy of that profile somewhere and using .bash_logout,
> copy this directory into place of the now logged out home directory.

Do you need users to be able to write to the home dir?

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  Don't step in front of speeding cars, don't eat explosives
#  and don't use m$ LookOut :). - der.hans

More information about the PLUG-discuss mailing list