6

I have an Ubuntu 14.04 server which, during boot, should sync some stuff over the network before any normal user can log in (over ssh).

I was wondering whether calling the script from /etc/rc.local is the right place?

Looking at the comment of this script:

This script is executed at the end of each multiuser runlevel.

It looks like it is called after the system is ready to accept logins from users.

This is how I understand the "at the end of each multiuser runlevel".

I have seen the answer here: Purpose and Typical Usage of /etc/rc.local, but I still found it a little ambiguous.

UPDATE

A little more context is appropriate: it is an automated process, where the users are actually many machines polling the server to log in...

cecemel
  • 163
  • In a parallel boot process (insserv, systemd, or upstart), no, the login manager will not depend on rc.local. – jordanm May 08 '15 at 13:16
  • Can you explain how your edit refines what you are asking? I can't spot the difference, to be honest. Does one of the answers below answer your question? If so, please accept one of them. If not, please elaborate so we can help you solve your problem. – Benjamin B. May 09 '15 at 12:50

4 Answers

4

Usually /etc/rc.local is the valid option, but it also depends on the amount of work that is involved in "syncing some stuff" and how important it is that users cannot login before this action has completed.

If you want to make sure that the syncing has completed before users login, you can consider one of two "nologin" options.

  1. Write a script that sets the login shell (of a particular group of users) to /usr/sbin/nologin before syncing and restores it after syncing.

  2. Create an empty /etc/nologin file before syncing using touch /etc/nologin and remove it after syncing. Note that this option may easily lock you out if you disabled logging in as root over SSH, since it prevents all non-root accounts from logging in.

  • 1
    "Note that this option may easily lock you out, since it prevents anyone from logging in." No, it prevents only non-root users from logging in. – dr_ May 08 '15 at 12:24
  • 1
    You are right. I automatically assumed everyone has remote root login disabled, but this might not be the case of course. I've updated the answer. – Benjamin B. May 08 '15 at 12:26
  • 1
    @dr01 that's true, but on Ubuntu isn't the root user disabled by default? – Chris Davies May 08 '15 at 12:36
  • @Benjamin and roaima: Good points. I assumed the OP logs in as root from console. If the root account is not enabled or if she's accessing via SSH then it's another matter (remote root login via password should not be allowed, as a good security practice). – dr_ May 08 '15 at 12:42
3

For the case you describe, calling your sync script from /etc/rc.local is a valid solution. It's the one I would probably go with as well, though there are undoubtedly other solutions that other people would come up with.

It's executed after all the "built-in" rc startup scripts, but before the login prompt is presented at the console. Do keep in mind, though, users will be able to log in to the system via SSH before rc.local is run. If this is a concern, you can put your script in the startup sequence after the network has started but before SSH is started. The reason I would still use rc.local and not worry about moving its location is that the time between the SSH daemon starting and users realizing the system is available is in all likelihood far longer than it takes the system to get to and execute the rc.local script.

John
  • 17,011
2

It looks like it is called after the system is ready to accept logins from users. This is how I understand the "at the end of each multiuser runlevel".

No, /etc/rc.local gets executed when the system boots. (When a user logs in using ssh, it will set the environment and run scripts from /etc/profile and ~/.bashrc. Read this page for more information.)

I was wondering whether calling the script from /etc/rc.local is the right place?

Yes, you can.

Rahul Patil
  • 24,711
1

I would personally go with @John's solution, but you can also set the startup sequence so that at the very beginning (near the S01 symlinks) it runs this command:

echo "Please try to log in later" > /etc/nologin

And then put in /etc/rc.local:

/root/yourscript.sh
rm -f /etc/nologin

The presence of the /etc/nologin file prevents non-root users from logging in, either from SSH or from console. This will guarantee that users do not log in before your script has finished.

dr_
  • 29,602
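
Added example, not part of any answer above: a POSIX sh wrapper for the /etc/nologin approach described in the answers, which removes the file even when the sync script fails or is interrupted, so a failed sync does not leave non-root users locked out. `run_with_logins_blocked`, `NOLOGIN_FILE` and `NOLOGIN_MSG` are hypothetical names; `/root/yourscript.sh` is the placeholder used in the last answer.

```shell
#!/bin/sh
# Added example: block non-root logins while a command runs, then always
# restore logins. All names below are hypothetical, not from the answers.

# Override NOLOGIN_FILE to rehearse the wrapper without touching /etc.
NOLOGIN_FILE="${NOLOGIN_FILE:-/etc/nologin}"
NOLOGIN_MSG="${NOLOGIN_MSG:-Please try to log in later}"

# Usage: run_with_logins_blocked COMMAND [ARGS...]
# Returns COMMAND's exit status, or 2 if a nologin file already exists.
run_with_logins_blocked() {
    # Design choice (assumption): a nologin file we did not create may be an
    # administrator's deliberate lock, so leave it alone and do not run.
    if [ -e "$NOLOGIN_FILE" ]; then
        echo "refusing to run: $NOLOGIN_FILE already exists" >&2
        return 2
    fi

    # The subshell confines the traps to this call. The EXIT trap fires on
    # normal completion, on failure, and after INT/TERM (which call exit),
    # so the file cannot outlive the command.
    (
        trap 'rm -f "$NOLOGIN_FILE"' EXIT
        trap 'exit 130' INT TERM
        printf '%s\n' "$NOLOGIN_MSG" > "$NOLOGIN_FILE" || exit 3
        "$@"
        exit $?
    )
}

# In /etc/rc.local (or an earlier init script) this would be called as:
#   run_with_logins_blocked /root/yourscript.sh
```

The wrapper only closes the window from the moment it starts, so where in the boot sequence it is invoked still decides whether SSH is already accepting logins.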