To make sure that a script will be run by root only:
#!/bin/sh if [ `id -u` != 0 ]; then echo "Permission denied, must be root" exit fi # Do the thing...
This snippet could authenticate users using their /etc/passwd or /etc/shadow entry. May have to run this with higher than normal privilege:
#!/usr/bin/env perl print "Username: "; chomp($uname = <stdin>); $pwd = (getpwnam($uname))[1]; # get the user's pwd die "invalid usern" unless defined $pwd and length $pwd; $salt = substr($pwd, 0, 2); system "stty -echo"; print "Password: "; chomp($word = <stdin>); print "n"; system "stty echo"; if (crypt($word, $salt) ne $pwd) { die "Sorry...n"; } else { print "okn"; }
For accomplishing other tasks such as copying CDs, etc., try carefully reading the cdrecord manual page and, if necessary, consulting the canonical CD recording FAQ at http://www.cdrfaq.org/.
——————————————————
Creating a data CD:
Step 1: Make a directory to contain the files you want to place on the the CD. “mkdir /image/userdir/” is the standard method.
Step 2: Copy the files from wherever they are to the directory you just created.
Step 3: Create the ISO9660 image that will be burned on the CD. You do this using the mkisofs command. An example command is:
csh> cd /image/userdir/ csh> mkisofs -o /image/burn-image/.iso -l -R -L -V "" -P "" -p "" -A "" . -o: the name of the file that will contain the image -l: use long file names -R: use Rock Ridge extensions. This means that long filenames will be used, file uid/gids and permissions will be preserved, symbolic links will be included, etc. In other words, the CD will try hard to emulate a Unix file system. [-r: This is like the -R option, but file uid/gid are set to 0, files will be readable by anyone and all write permissions will be removed. Use this switch if you anticipate needing to read the CD in an environment where your uid/gid do not exist. E.g., if you are sending to CD to another institution.] -L: Allow file names beginning with '.'. -V, -P, -p, -A: See the mkisofs man page. The final argument (in the example '.') is the name of the top-level directory containing file data. See the mkisofs manual page for further details.
In your LILO configuration section, write something like:
image = /vmlinuz label = Linux root = /dev/hda1 password = wingedlizard restricted read-only
Then chmod this file 600 (so nobody but root can read it) and re-run /sbin/lilo.
The “restricted” keyword means that LILO will stop and ask for a password if you try to boot this kernel with _any_ keywords such as “1” or “single” or “init=/bin/bash”. A password won’t be required during normal (no-added-keywords) boots.
This command will show the number of KBs used for all non-hidden files and folders in the current directory:
du -sk * | sort -rn