Implementing Standard Login Scripts
John Spurgeon and Ed Schaefer
Consider a server model where numerous Unix servers are distributed across
numerous production sites hosting database engines and other software applications.
Also, assume that only the local systems administrators have command-line access.
We think standardizing the administrator's login scripts is a good way to maintain
high application availability.
We could implement standard login scripts via skeleton directories. In the
Solaris environment, the useradd command provides the -k option, which
specifies a skeleton directory. Files from a skeleton directory, such as .profile,
are copied into users' home directories when new accounts are created.
There are two reasons we shy away from using skeleton directories to standardize
login scripts. First, it can be difficult to make changes to scripts once users
have been added. Not only do files in the skeleton directories have to be modified,
but all of the existing users' scripts have to be updated, too. Second, we did
not want to give users access to the logic responsible for setting up the majority
of their environment, and we thought that preventing users from modifying $HOME/.profile
was too restrictive.
Instead, we placed the necessary environment setup commands in two special
files: /etc/profile and /etc/.kshrc. When a user logs in, the program called
"login" spawns a shell -- typically the Korn shell on our servers. The Korn
shell looks for login scripts /etc/profile and $HOME/.profile and executes them
if they exist. The Korn shell also looks for the file referenced by the environment
variable ENV (set to /etc/.kshrc on our servers) and executes it if it exists;
this happens whenever the Korn shell is invoked -- not just at login time.
|
