📄 ch02_16.htm
字号:
<HTML><!--Distributed by F --><HEAD><TITLE>[Chapter 2] 2.16 Approved Shells: Using Unapproved Login Shell </TITLE><METANAME="DC.title"CONTENT="UNIX Power Tools"><METANAME="DC.creator"CONTENT="Jerry Peek, Tim O'Reilly & Mike Loukides"><METANAME="DC.publisher"CONTENT="O'Reilly & Associates, Inc."><METANAME="DC.date"CONTENT="1998-08-04T21:32:22Z"><METANAME="DC.type"CONTENT="Text.Monograph"><METANAME="DC.format"CONTENT="text/html"SCHEME="MIME"><METANAME="DC.source"CONTENT="1-56592-260-3"SCHEME="ISBN"><METANAME="DC.language"CONTENT="en-US"><METANAME="generator"CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINKREV="made"HREF="mailto:online-books@oreilly.com"TITLE="Online Books Comments"><LINKREL="up"HREF="ch02_01.htm"TITLE="2. Logging In"><LINKREL="prev"HREF="ch02_15.htm"TITLE="2.15 Unclutter Logins: Show Login Messages Just Once "><LINKREL="next"HREF="ch03_01.htm"TITLE="3. Logging Out"></HEAD><BODYBGCOLOR="#FFFFFF"TEXT="#000000"><DIVCLASS="htmlnav"><H1><IMGSRC="gifs/smbanner.gif"ALT="UNIX Power Tools"USEMAP="#srchmap"BORDER="0"></H1><MAPNAME="srchmap"><AREASHAPE="RECT"COORDS="0,0,466,58"HREF="index.htm"ALT="UNIX Power Tools"><AREASHAPE="RECT"COORDS="467,0,514,18"HREF="jobjects/fsearch.htm"ALT="Search this book"></MAP><TABLEWIDTH="515"BORDER="0"CELLSPACING="0"CELLPADDING="0"><TR><TDALIGN="LEFT"VALIGN="TOP"WIDTH="172"><ACLASS="SECT1"HREF="ch02_15.htm"TITLE="2.15 Unclutter Logins: Show Login Messages Just Once "><IMGSRC="gifs/txtpreva.gif"SRC="gifs/txtpreva.gif"ALT="Previous: 2.15 Unclutter Logins: Show Login Messages Just Once "BORDER="0"></A></TD><TDALIGN="CENTER"VALIGN="TOP"WIDTH="171"><B><FONTFACE="ARIEL,HELVETICA,HELV,SANSERIF"SIZE="-1">Chapter 2<BR>Logging In</FONT></B></TD><TDALIGN="RIGHT"VALIGN="TOP"WIDTH="172"><ACLASS="CHAPTER"HREF="ch03_01.htm"TITLE="3. Logging Out"><IMGSRC="gifs/txtnexta.gif"SRC="gifs/txtnexta.gif"ALT="Next: 3. Logging Out"BORDER="0"></A></TD></TR></TABLE> <HRALIGN="LEFT"WIDTH="515"TITLE="footer"></DIV><DIVCLASS="SECT1"><H2CLASS="sect1"><ACLASS="title"NAME="UPT-ART-5400">2.16 Approved Shells: Using Unapproved Login Shell </A></H2><PCLASS="para"><ACLASS="indexterm"NAME="UPT-ART-5400-IX-SHELLS-APPROVED"></A><ACLASS="indexterm"NAME="UPT-ART-5400-IX-LOGIN-SHELLS-UNAPPROVED"></A><ACLASS="indexterm"NAME="AUTOID-3802"></A><ACLASS="indexterm"NAME="AUTOID-3804"></A><ACLASS="indexterm"NAME="AUTOID-3806"></A>Since 4.2BSD, Berkeley UNIX systems have restricted<EMCLASS="emphasis">chsh</EM> (or a command like it) to change your login shellonly to a shell that's listed in the file <EMCLASS="emphasis">/etc/shells</EM>.That's partly a safety feature, like requiring you to type your old passwordbefore you can change to a new one: it keeps other people from giving you astrange login shell as a joke.It's also for security - a way for the system administrator to give a list of shells that are robust enough to run peoples' accounts.</P><PCLASS="para">The usual "approved" shells are the Bourne and C shells.If you want to use another shell as your login shell and your system has<EMCLASS="emphasis">/etc/shells</EM>, ask the system administrator to add your shell.The shell will need to be stored in a secure system directory to make itharder for system crackers to corrupt the shell.</P><PCLASS="para">If the system administrator won't approve your login shell, here's awork-around.It lets you log in with an approved shell, then automatically replace theshell with whatever you want.(For background, see article<ACLASS="xref"HREF="ch51_09.htm"TITLE='Making a "Login" Shell'>51.9</A>.)</P><OLCLASS="orderedlist"><LICLASS="listitem"><PCLASS="para">If your login shell isn't C shell, use<EMCLASS="emphasis">chsh</EM> or a command like itto change it to the C shell.</P></LI><LICLASS="listitem"><PCLASS="para">If your new shell will be <EMCLASS="emphasis">bash</EM>, you can skip this step.Otherwise:</P><PCLASS="para">In your home directory, make a<SPANCLASS="link">hard or symbolic link (<ACLASS="linkend"HREF="ch18_04.htm"TITLE="More About Links ">18.4</A>)</SPAN>directory,to your shell.Use a name starting with a minus sign (<CODECLASS="literal">-</CODE>);this makes the shell<SPANCLASS="link">act like a login shell (<ACLASS="linkend"HREF="ch51_09.htm"TITLE='Making a "Login" Shell'>51.9</A>)</SPAN>.For example, to make a symbolic link in your home directory named<EMCLASS="emphasis">-ksh</EM> to the shell <EMCLASS="emphasis">/usr/local/bin/ksh</EM>, type this command:</P><PCLASS="para"><TABLECLASS="screen.co"BORDER="1"><TR><THVALIGN="TOP"><PRECLASS="calloutlist"><ACLASS="co"HREF="ch23_14.htm"TITLE="23.14 Handling a Filename Starting with a Dash (-) ">./</A> </PRE></TH><TDVALIGN="TOP"><PRECLASS="screen">% <CODECLASS="userinput"><B>ln -s /usr/local/bin/ksh ./-ksh</B></CODE></PRE></TD></TR></TABLE></P></LI><LICLASS="listitem"><PCLASS="para">Add lines to the top of the<SPANCLASS="link"><EMCLASS="emphasis">.cshrc</EM> (<ACLASS="linkend"HREF="ch02_02.htm"TITLE="Shell Setup Files-Which, Where, and Why ">2.2</A>)</SPAN>file that replace the <EMCLASS="emphasis">csh</EM> process with your login shell.(The<SPANCLASS="link"><EMCLASS="emphasis">exec</EM> (<ACLASS="linkend"HREF="ch45_07.htm"TITLE="The exec Command ">45.7</A>)</SPAN>command replaces a process.)</P><ULCLASS="itemizedlist"><LICLASS="listitem"><PCLASS="para">If you use a Bourne-type shellthat reads the <EMCLASS="emphasis">.profile</EM> file at login time,use lines like these:</P><PCLASS="para"><TABLECLASS="screen.co"BORDER="1"><TR><THVALIGN="TOP"><PRECLASS="calloutlist"> <ACLASS="co"HREF="ch05_10.htm"TITLE="5.10 Finding What Terminal Names You Can Use ">TERM</A> <ACLASS="co"HREF="ch22_22.htm"TITLE="22.22 The su Command Isn't Just for the Superuser ">su</A> <ACLASS="co"HREF="ch47_03.htm"TITLE="47.3 Conditional Statements with if ">if</A> <ACLASS="co"HREF="ch47_04.htm"TITLE="47.4 C Shell Variable Operators and Expressions ">$?</A> </PRE></TH><TDVALIGN="TOP"><PRECLASS="screen"># OVERRIDE DEFAULT LOGIN C SHELL TO USE ksh.setenv SHELL /usr/local/bin/ksh# IF $TERM SET (BY login OR rlogin), START LOGIN SHELL.# UNFORTUNATELY, THIS MAKES su USE A LOGIN SHELL TOO.if ($?TERM) then cd exec -ksh # USE "LOGIN SHELL" SYMLINK IN $HOMEelse exec $SHELLendifecho "******** WARNING: exec ksh FAILED ********"</PRE></TD></TR></TABLE></P><PCLASS="para">If your new login shell will be <EMCLASS="emphasis">bash</EM>, you can replace the line<CODECLASS="literal">exec -ksh</CODE> above with:</P><PCLASS="para"><BLOCKQUOTECLASS="screen"><PRECLASS="screen">exec $SHELL -login</PRE></BLOCKQUOTE></P><PCLASS="para">because <EMCLASS="emphasis">bash</EM> has a <EMCLASS="emphasis">-login</EM> option that tells it to actlike a login shell.Simple, eh? </P></LI><LICLASS="listitem"><PCLASS="para">If your new login shell is a <EMCLASS="emphasis">csh</EM>-type shell that also reads<EMCLASS="emphasis">.cshrc</EM>, you need to add a test to <EMCLASS="emphasis">.cshrc</EM> that prevents aninfinite loop.<ACLASS="indexterm"NAME="AUTOID-3861"></A>This test uses the <EMCLASS="emphasis">SH_EXECD</EM> <SPANCLASS="link">environment variable (<ACLASS="linkend"HREF="ch06_01.htm#UPT-ART-1170"TITLE="What Environment Variables Are Good For ">6.1</A>)</SPAN>as a flag:</P><PCLASS="para"><BLOCKQUOTECLASS="screen"><PRECLASS="screen"># OVERRIDE DEFAULT LOGIN C SHELL TO USE tcsh.if (! $?SH_EXECD) then setenv SH_EXECD yes setenv SHELL /usr/local/bin/tcsh # IF $TERM SET (BY login OR rlogin), START LOGIN SHELL. # USE switch, NOT if, DUE TO csh BUG WITH IMBEDDED else. # UNFORTUNATELY, THIS MAKES su USE A LOGIN SHELL TOO. switch ($?TERM) case 1: cd exec -tcsh # USE "LOGIN SHELL" SYMLINK IN $HOME breaksw default: exec $SHELL # USE NON-LOGIN SHELL breaksw endsw echo "******** WARNING: exec tcsh FAILED ********"endif</PRE></BLOCKQUOTE></P><PCLASS="para"></P></LI><LICLASS="listitem"><PCLASS="para">The C shell may not find your new shell (<CODECLASS="literal">-ksh</CODE> or <CODE⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -