Skip to main content

On Linux, how do I set the PATH for non-interactive, non-login shells? e.g. for the case of rksh?

Non-interactive, non-login, shells inherit the PATH from the ssh process, so we must set the PATH with ssh. Some shells, like Korn Shell (ksh, rksh, pksh), only parse user environment files in login shells, so there's no way to change the inherited environment in non-interactive, non-login shells.
  • To set the path globally, build a custom ssh with the needed default path.
  • To set the path for a particular user, first configure ssh to use custom environments by enabling "PermitUserEnvironment" in /etc/ssh/sshd_config: PermitUserEnvironment yes
  • Restart sshd
  • Then set the path in that user's authorized_keys file or using ~/.ssh/environment.
  • Note that you need to set all of the important shell variables. The existence of ~/.ssh/environment seems to preclude the setting of default environmental variable values.
  • So, for example, given a location for binaries for rksh (restricted korn shell), /usr/restricted/bin, place the following in ~/.ssh/environment:
HOME=/home/username
LOGNAME=username
MAIL=/var/mail/username
PATH=/usr/restricted/bin
PWD=/home/username
SHELL=/bin/rksh
SHLVL=1
USER=username

  • Note: replace username with the login of the user. Then, optionally, lock down write access to ~/.ssh/environment:
    • Set the classical permissions:
      • chown root:root /home/username/.ssh/environment
      • chmod 644 /home/username/.ssh/environment
    • Or, place file in an restricted SE Linux context and then configure an SE Linux ACL restricting access.
    • Or, set a Posix ACL on the file to limit access.
    Labels:

    Comments

    Post a Comment

    Popular posts from this blog

    How to fix this ssh error from a Cisco switch: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

    Problem ssh user@cisco_switch returns: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits key_verify failed for server_host_key Solution The modulus of the ssh RSA key pair on the switch is too small. If you have access, generate a new key pair on the switch with a larger modulus. Procedure Login with ssh protocol version 1 ( ssh space dash one ): ssh -1 user@cisco_switch (On the switch): enable (On the switch): Authenticate to "Privileged Exec Mode" mode on the switch. (On the switch): conf t (On the switch): crypto key generate rsa general-keys modulus 1024 (On the switch): Press enter to accept that the current key pair for the switch will be replaced. You now should be able to log into the switch with ssh protocol version 2.
    Post a Comment
    Read more

    PowerShell One-Liners

    Introduction PowerShell is Microsoft's shell for their product lines. It's now on version 3.0. If you miss the power of the command line while using Windows on either your laptop or servers, PowerShell provides that power. Important concepts: Almost all aspects of the Microsoft ecosystem are objects within an overarching structure. You query and manipulate this structure and its objects with PowerShell. This includes all aspects of SharePoint, Active Directory, and Exchange. Other companies, like VMware (see below) have also written PowerShell modules. This "object nature" means that PowerShell pipes pass objects and properties, not just text.  Variables store data-structures of objects.  One-liners Note: Unwrap the code lines before you use them. Get Help Get the usage of the command "Select-Object": Get-Help Select-Object Built-in examples for the command "Select-Object": Get-Help Select-Object -exam
    Post a Comment
    Read more

    How to play a video on a Raspberry Pi Desktop by double-clicking on a file...

    The article describes how to open video, audio, and other media files in the Raspberry Pi desktop (the LXDE file manager) using the GPU-based player program. Does double-clicking on a video file in Raspbian result in slow blocky playback in SMPlayer and VLC on your Raspberry Pi? The short answer is that those video players will not work because at this time (Nov. 2013), they do not make use of the GPU on the Raspberry Pi. You need to use the hardware accelerated player, omxplayer, that is used in XBMC Live and OpenELEC.  The problem is that omxplayer is a command line player that is designed to be embedded in the XBMC based distributions.  I present below a way to make it play videos, if you double-click them in the Raspbian Desktop. Others have presented this method, but I've added a little bit of abstraction to make management easier. To start, open LXTerminal and the follow the process below. Step One - Get rid of the CPU-based media players sudo aptitude re
    Post a Comment
    Read more