This section discusses wholesome practices in setting up a GT.M based application on UNIX/Linux such that, when "captive" users log in to the system, they are taken directly into the application, and when they exit the application, they are logged off the system. Unless part of the application design, a captive user should not get to a shell or GT.M prompt.
The example in “Sample .profile” is for /bin/sh on GNU/Linux, and may need to be adapted for use with other shells on other platforms.
At a high level, preventing a captive user from getting to a shell or GT.M prompt involves:
trapping signals that may cause the login shell to give the user interactive access, for example, by pressing <CTRL-Z> to suspend the mumps application;
preventing a GT.M process from responding to a <CTRL-C> until the application code sets up a handler; and
preventing an error in the application, or a bug in an error handler, from putting a captive user into direct mode.
Note that other users on the system who have appropriate privileges as managed by the operating system can still interfere with captive users. In order to secure a system for captive applications, you must protect it from untrusted other users. Users should only have credentials that permit them the level of access appropriate to their level of trustworthiness, thus: untrusted users should not have credentials to access a system with captive applications.
Defensive configuration implies setting up layers of defenses, so that an error in one layer does not compromise the system.
After initialization common to all users of a system, a login shell sources the .profile file in the user's home directory. A captive user's .profile might look something like this, where "..." denotes a value to be provided.
trap "" int quit # terminate on SIGINT and SIGQUIT stty susp \000 # prevent <CTRL-Z> from sending SIGSUSP # set environment variables needed by GT.M and by application, for example export gtm_dist=... export gtmgbldir=... export gtmroutines=... export gtm_repl_instance=... export gtm_tmp=... # disable mumps ^C until application code sets up handler export gtm_nocenable=1 # override default of $ZTRAP="B" export gtm_etrap='I 0=$ST W "Process terminated by: ",$ZS,! ZHALT 1' # set other environment variables as appropriate, for example export EDITOR=... # a preferred editor for ZEDIT export TZ=... # a timezone different from system default export HUGETLB_SHM=yes # example of a potential performance setting export PATH=/usr/bin:/bin # only the minimum needed by application export SHELL=/bin/false # disable ZSYSTEM from command prompt # execute captive application starting with entryref ABC^DEF then exit exec $gtm_dist/mumps -run ABC^DEF
Note the use of exec to run the application - this terminates the shell and disconnects users from the system when they exit the GT.M application.
If an incoming connection is via an Internet superserver such as xinetd, some of these are not applicable, such as disabling <CTRL-C> and <CTRL-Z>.
