RATS_LOCK
Rats_lock is a limited version of a shell change program. It is intended for placing people in well defined "shell" states. This is primarily used for locking accounts for disciplinary reasons, or password changes and for undoing these states.The main structure behind this tool is the %SHELL_LOCKS data structure in rats.conf. Here the different lock types can be defined. The way it works is that when a type of lock is applied to a user, the user's shell entry is reduced to the name of the shell itself and the appended to the path defined for that particular lock type.
For example, if we define
%SHELL_LOCKS = (
'kerbshell' => '/usr/local/accounts/slocks/kerbshell',
'normal' => '/bin',
);and user foo has his/her shell set to "/bin/tcsh" running:
rats_lock foo kerbshell
would set foo's shell to "/usr/local/accounts/slocks/kerbshell/tcsh'
and running:
rats_lock foo normalwould set it back to "/bin/tcsh".
The actual shells set should be programs that either print an appropriate message, or some other required function. There is currently no such shell is included in the RATS package, though a generic, multi-use, shell is being worked on (based on probsh). It will be distributed separately.Note that incorrect usage will print out a usage statement together with the current list of valid locks as defined in your rats.conf
Usage:
usage: rats_lock <username> <locktype>
current valid lock types are:This tool is not meant to be used by anyone but administrators. Please keep this out of reach of anyone else. A matching CGI tool, lock.cgi is also provided if you wish to allow other support staff access to this functionality. This cgi script should be tightly restricted by the use of htaccess if you decide to use it.