I need to run a script (which requires root privileges) on login per-user only. I want this to run automatically so I’ll add an appropriate line to .profile.
A couple of questions:
1 The easiest way I can think of to run the script as root is to setuid, but I know there are security concerns. Is there a better way?
2 Is there a way to run a script per-user at logout?
If this is a GUI login, there are some hooks that can be called from the display manager. Unfortunately my experience is with xdm and I don’t know what the story is with kdm and gdm now.
What is it you are trying to do anyway? There may be a better way to do it. Adding a line to .profile on the fly may not be the best idea. Do you remove it on logout? What happens if somebody else logs in while you are removing it, do you have a race condition?
For gdm, all the script (normally called ‘Default’) in the subdirectories Init, Postlogin, PostSession and PreSession are executed as root. You can add your own commands here.
For xdm, /etc/X11/xdm/Xsetup and /etc/X11/xdm/Xstartup are also executed as root. The names of these srcipts are defined in /etc/X11/xdm/xdm-config.
OK, thanks for the tips.
The situation. I am setting up to do some audio tasks - recording, etc. I’ve installed a RT kernel. I have created a user specifically for these audio tasks, and have assigned RT privileges to this user in /etc/security/limits.conf
When the audio user logs in, I want to to temporarily disable cron (to stop stuff like mandb from kicking in) and to run a script which reassigns interrupt priorities. This is all with the goal of minimizing latencies of relevance to sound events. However, it would be nice to restart cron after finishing the audio work.
I’ll probably use a light desktop like xlde for these audio tasks.
Maybe running under sudo. There are settings in Yast to allow certain processes to run with out having to enter the root password I think. Never did it myself.
sudo should do what you want. It will also allow you to test it manually. You can invoke it in /etc/profile or similar.