-
Title
Is it possible to customise the command run on Linux/Unix systems? -
Description
Is it possible to customise the command run on Linux/Unix systems instead of using passwd <username> (when "Reset Password" is used)? -
Resolution
WORKAROUND 1 - Wrapper scripts using PermitUserEnvironment
You could create a wrapper script to achieve this. For example:
1. Create an executable script in /home/funcacct called passwd, adding the customisation - in this case -r files. E.g.:
#!/bin/sh
#Unlock user account
/usr/bin/passwd –r files $*
NOTE: Ensure the script contains the hashtags and all commands within are fully pathed. Ensure the script is executable.
2. Set the functional account (funcacct) enviroment PATH variable to first look in the directory containing the passwd script.
Display the contents of the functional account .ssh/environment via 'cat' or similar:cat ~funcacct/.ssh/environment
It should return the contents, containing a relevant PATH for your configuration and requirements such as:
PATH=/home/funcacct:/bin
NOTE: As the commands are run non-interactively, changing the PATH variable in the shell files/login scripts will not have any effect.
3. Set PermitUserEnvironment (or AcceptEnv) in sshd_config to yes for the functional account, and ensure SSH is restarted.
WORKAROUND 2 - Wrapper scripts using Delegation prefix
As above, but instead of changing the PermitUserEnvironment, set the Delegation Prefix in TPAM | Details tab to a directory. E.g. /path/to/utils/.
Then place your passwd script in this directory. Ensure all commands run are available from this directory, such as echo and grep.
SOLUTIONA 'Custom Platform' feature was introduced in 2.5.911+ which could be used to allow customisation of the platform command. -
Change Request
4957