Setting user privileges
I have read all the basics about user privileges, but in my situation I am quite unsure how to apply my half knowledge.
The situation is as follows: Multiple users shall be able to execute a shell script on a central server in a LAN via rsh/ssh. This can also happen simultaneously. What I need in this case is one user account for all client users that is only used to execute the script on the server, but I don't know how to set the right privileges. Would it be sufficient to use a normal user account as "global server user" and give him execute privileges for the script and write and read privileges for some files that are used by this script? If I am wrong, please correct me.
I have two suggestions that might help.
First, disable "rsh" and only use "ssh" since it's more secure and has lots more functionality.
Second, you can setup ssh keys that are bound to a specific command. I do it do rarely that I need to look up the specific syntax each time, but let's leave that as a "tbd" for the moment. You could give each user their own ssh, with a password only they know, that allows them to use "ssh" to run the script in question on the central server. And since it's bound to that command only, they wouldn't have the ability to do anything else.
You could also just make one key and let everyone use it. The tradeoff is that one key is simpler, but it's harder to add/remove people since everyone need to switch to the new key (or at least get a new password).
Thanks. Well, in my case rsh might be a better choice, because it has less overhead than ssh. I want to use it to build some kind of primitive push service by calling a remote command via rsh/ssh which itself executes a kill command and thereby sends a signal to some other remote process that is running in the background. Of course, UDP would be much better in this case, but I don't know any shell command that makes use of UDP. The clients in the network just need to send a small "nudge" to the server. rsh/ssh are session based. Can I influence, how long this session will be kept alive after remote command execution? Maybe I need to configure that in some xinetd config file?