Embedded Photon and phlogin2

I try to log into photon as a non-root user from a boot script with the
‘ph’ command.

This is what my ph script looks like:
#!/bin/sh
test -a /dev/photon
if [ $? -eq 0 ]; then
exit 0
fi
if test ! -z "$LOGNAME"; then
Photon &
else
Photon -g -l'phlogin2 "-Sphshutdown -l" -n' &
fi
waitfor /dev/photon
devi-hirun kbd fd -d/dev/kbd ps2 mousedev
io-graphics -ds3_savage \
vid=0x5333,did=0x8d01,index=0,photon,xres=1024,yres=768,bitpp=32 -pphoton
waitfor /dev/phfont
pwm &
shelf &

The user already exists and I manage to log into photon “successfully”.
The problem is that the user’s home path is not set and has root
privileges.

If I log on as this non-root user by using the command line login
procedure, everything works fine and this user definitely does not have
root privileges.

What am I doing wrong?

It’s interesting that I have created a serious security gap in my system
where a non-root user can successfully log in and have root privileges.

Francois

PING!

Francois Joubert wrote:

PING!

In a desktop system, the ph script is overloaded: the same script is
used to start Photon from sysinit, from a shell in text mode, and from
phlogin to set up the user’s environment. This adds some complexity
that doesn’t really have to be there.

In an embedded system, it’s simpler to have two separate scripts. One
will start the pieces that are necessary to let a user log in: the
Photon server, io-graphics, and devi-hirun. Since you know you want
phlogin, you want to run Photon with the -l option (i.e. no need to
check $LOGNAME). And you don’t want to start pwm or shelf from this
script – it is running as root, and until after a user has logged in,
you don’t even know which user pwm and shelf should be running as.

The second script is what phlogin launches after the user logs in. This
script is where you should start pwm and shelf from – this way, they
are started as the correct user. By default, phlogin runs /usr/bin/ph,
and it’s simpler not to change that. Therefore, the first script should
be called something else.

Thanks for the info, I am getting there, but not quite yet.

My initial activation script:
#!/bin/sh
/usr/sbin/logger -p user.debug $0 activated
test -a /dev/photon
if [ $? -eq 0 ]; then
/usr/sbin/logger -p user.debug $0: Photon already running
exit 0
fi
Photon -g -l'phlogin2 "-Sphshutdown -l" -n' &
waitfor /dev/photon
devi-hirun kbd fd -d/dev/kbd ps2 mousedev
io-graphics -ds3_savage \
vid=0x5333,did=0x8d01,index=0,photon,xres=1024,yres=768,bitpp=32 -pphoton
waitfor /dev/phfont



And then /usr/bin/ph activated by phlogin2:
#!/bin/sh
/usr/sbin/logger -p user.debug $0 activated
USRPHAPPS=$HOME/.ph/phapps
test -a $USRPHAPPS
if [ $? -eq 0 ]; then
$USRPHAPPS
fi

This is phapps:
#!/bin/sh
/usr/sbin/logger -p user.debug $0 activated
pwm &
shelf &

If root logs in, phlogin2 will pop back up. If root logs in again,
everything works great as is expected.

If a non-root user logs in, phlogin2 keeps popping up again,
irrespective of the number of times the user logs in. Inspecting syslog
indicates that phapps for that user was executed, indicating to me that
the user did log in, but phlogin2 just doesn’t want to go away!

Any suggestions?

Francois

Francois Joubert wrote:

And then /usr/bin/ph activated by phlogin2:
#!/bin/sh
/usr/sbin/logger -p user.debug $0 activated
USRPHAPPS=$HOME/.ph/phapps
test -a $USRPHAPPS
if [ $? -eq 0 ]; then
$USRPHAPPS
fi

This is phapps:
#!/bin/sh
/usr/sbin/logger -p user.debug $0 activated
pwm &
shelf &

If root logs in, phlogin2 will pop back up. If root logs in again,
everything works great as is expected.

If a non-root user logs in, phlogin2 keeps popping up again,
irrespective of the number of times the user logs in. Inspecting syslog
indicates that phapps for that user was executed, indicating to me that
the user did log in, but phlogin2 just doesn’t want to go away!

Any suggestions?

My suspicion is that the shell running your /usr/bin/ph exits before pwm
or shelf have fully started up, and Photon decides that the login has
failed. The way it works is that Photon spawns phlogin then waits for
the process to terminate; and then your session is considered active
until there are no application regions (i.e. no regions other than
graphics and input drivers; pwm is considered an application for this
purpose). Since phlogin uses exec() to run your ph script, it’s running
as the same process; but if that process exits before pwm or shelf has
created any regions, Photon has no way to know that they’re about to.

One way to ensure that the script doesn’t exit too soon is to add a loop
to it that waits for pwm to start up. I copied this from the ph script
in my system:

i=0    # the counter must be initialised before the test below
while test $i -lt 30; do    # at most 30 passes, one second apart
phin -qPpwm
if [ $? -gt 0 ]; then break; fi
sleep 1
let i=i+1
done

Another, simpler way is to change the “shelf &” line into “exec shelf”.

Problem solved! Thank you.
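
Added example, not from any poster in this thread: a /usr/bin/ph session script that combines the two-script layout and the "exec shelf" suggestion with a guard against the symptom from the first post (a non-root login that ends up with uid 0 or without a home directory). The function names session_identity_ok and start_session and the closing case guard are assumptions of this example; pwm, shelf, logger and id are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example (not the poster's script): session script launched by phlogin
# after a successful login, i.e. already running as the logged-in user.

# session_identity_ok UID LOGNAME HOME
# Returns 0 only when the identity the session really has matches the login.
session_identity_ok() {
    _uid=$1
    _logname=$2
    _home=$3
    # A session without a login name or a usable home directory is the
    # symptom described in the first post.
    [ -n "$_logname" ] || return 1
    [ -n "$_home" ] || return 1
    [ -d "$_home" ] || return 1
    # uid 0 is acceptable only when root itself logged in.
    if [ "$_uid" -eq 0 ] && [ "$_logname" != "root" ]; then
        return 1
    fi
    return 0
}

start_session() {
    if ! session_identity_ok "$(id -u)" "$LOGNAME" "$HOME"; then
        logger -p user.err "$0: refusing session: uid=$(id -u) LOGNAME=$LOGNAME HOME=$HOME"
        # Returning without starting pwm or shelf creates no application
        # regions, so the desktop never comes up with the wrong identity.
        return 1
    fi
    pwm &
    # exec keeps the process spawned by phlogin alive instead of letting
    # the shell exit before any region exists (the reply's simpler fix).
    exec shelf
}

# Start the desktop only when this file is installed and run as "ph".
case "$0" in
    */ph|ph) start_session ;;
esac
```

The root-only start-up script (Photon, devi-hirun, io-graphics) stays separate and never launches pwm or shelf.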