I'm trying to write a bash script that will execute rsync when called by pam_exec
. I've tried a couple different ways, and I'm not sure what I'm doing wrong.
When I try to run the script at login by adding
session optional pam_exec.so /usr/bin/local/sync.sh
to my sshd
file, it gives me an exit code of 12.
If I log in and then manually run my script, it allows me to connect to the remote server, and it lists my files, but it doesn't actually sync anything.
I have tried the code below using buth $USER
and $PAM_USER
. $PAM_USER
doesn't work at all.
#!/bin/sh
rsync -azv -e ssh $USER@remote_server:/home/html/$USER/ /home/html/$USER
Best Answer
The man page for
pam_exec
explains that the module provides$PAM_USER
, not$USER
:On my Debian based system I added this line just before the entry for
pam_motd
I then created the test script, remembering to make it executable:
Finally, I opened a new login session to my test system, and saw that on session start I received information such as this in my log file
/tmp/pam_exec.log
:To implement your requirement you would need to use a script something like this:
Notice that all output from
rsync
is discarded. This is necessary to ensure that client/server applications usingssh
as a transport do not get hit by unexpected output before they can start their negotiation. If you really want to present it to the user, I would recommend you write it to a user-specific log file such as"$HOME/.pam_exec.log"
and then use a line like this in the user's.profile
to output it after the login process has completed:It's not immune to a race condition, but IME most users don't login simultaneously multiple times to the same server. If you find this scenario is common there are ways to deal with it.