In many scenarios, you need to run specific commands or scripts automatically before a user logs into a system. This capability is especially useful for performing system checks, updating configurations, or setting up the environment consistently.

This article covers various methods to achieve this on a Linux system.

Understanding the Login Process

Before we delve into how to run commands pre-login, it’s crucial to understand the login process. When a user logs into a Linux system, the process typically involves the following steps:

  • Authentication: The system verifies the user’s credentials.
  • Session Creation: Upon successful authentication, the system initiates a user session.
  • Execution of Login Scripts: Various scripts are executed that can be configured to run custom commands.

Let’s explore various methods for running a script before user login on a Linux system in detail.

Using /etc/rc.local for System-Wide Commands

The /etc/rc.local file is a traditional way to run system-wide commands before the login screen appears. While some modern Linux distributions no longer include it by default, it remains a viable option for initializing services at boot.

First, check if the /etc/rc.local file is present on your system:

ls /etc/rc.local

If the file doesn’t exist, create it and ensure it is executable:

touch /etc/rc.local
chmod +x /etc/rc.local

Open the file with a text editor, like nano:

nano /etc/rc.local

Add your script or command before the exit 0 line:

#!/bin/bash
echo "Running pre-login script" >> /var/log/prelogin.log
/path/to/your_command.sh
exit 0

Enable and start the rc-local service:

systemctl enable rc-local
systemctl start rc-local

Note: This method runs commands at boot, making it suitable for tasks that need to start before the login screen is visible, but it does not run every time a user logs in.

Configuring PAM (Pluggable Authentication Modules)

PAM modules provide a way to execute scripts when users authenticate, which can be useful for security policies or performing actions specific to the user before full access is granted.

The PAM configuration files are located in /etc/pam.d/. Depending on the type of login, choose the appropriate file.

For SSH logins, edit /etc/pam.d/sshd:

nano /etc/pam.d/sshd

For local logins, edit /etc/pam.d/login:

nano /etc/pam.d/login

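To run your script before login, add the following line to the appropriate file. Because the control flag is required, a non-zero exit status from the script makes authentication fail for that service, so test the script first and keep an existing root session open while you edit: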

auth required pam_exec.so /path/to/your_command.sh

You can also add logging within your script to track login attempts:

#!/bin/bash
echo "User $PAM_USER attempted login at $(date)" >> /var/log/prelogin_pam.log
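
A more defensive version of the logging script above, added here as an example and not part of the original article: it treats the pam_exec environment as untrusted input and always exits 0 so that a logging failure cannot block logins. The function names sanitize_field and format_pam_event are illustrative; the log path is the one used above.

```bash
#!/bin/bash
# Added example (not from the original article): pam_exec logging hook.
# pam_exec exports PAM_USER, PAM_RHOST, PAM_SERVICE, PAM_TTY and PAM_TYPE.

LOG_FILE=/var/log/prelogin_pam.log   # same log path the article uses

# The user name comes from whoever is connecting. Replace every byte
# outside a small allow-list and cap the length, so a crafted value
# cannot inject newlines or forge extra log entries.
sanitize_field() {
    printf '%.64s' "$(printf '%s' "${1:-}" | LC_ALL=C tr -c 'A-Za-z0-9._@:/-' '?')"
}

# Build one key=value log record from the pam_exec environment.
format_pam_event() {
    printf 'type=%s service=%s user=%s rhost=%s tty=%s' \
        "$(sanitize_field "${PAM_TYPE:-unknown}")" \
        "$(sanitize_field "${PAM_SERVICE:-unknown}")" \
        "$(sanitize_field "${PAM_USER:-unknown}")" \
        "$(sanitize_field "${PAM_RHOST:-local}")" \
        "$(sanitize_field "${PAM_TTY:-none}")"
}

# PAM_TYPE is set only when pam_exec invokes the script.
if [ -n "${PAM_TYPE:-}" ]; then
    umask 077   # a newly created log file is readable by root only
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$(format_pam_event)" \
        >> "$LOG_FILE" 2>/dev/null
    # Always succeed: with "auth required", a non-zero exit would deny the login.
    exit 0
fi
```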

Creating a Pre-Login Systemd Service

systemd offers precise control over when and how services are executed. You can create a systemd service that runs before the display manager starts, ensuring the command executes prior to any graphical login prompt.

Navigate to /etc/systemd/system/ and create a new service file:

nano /etc/systemd/system/prelogin.service

Add the following configuration to the service file:

[Unit]
Description=Run Pre-Login Script
Before=display-manager.service

[Service]
Type=oneshot
ExecStart=/path/to/your_command.sh

[Install]
WantedBy=multi-user.target

Enable the service to ensure it runs during every boot:

systemctl enable prelogin.service
systemctl start prelogin.service

Use the following command to verify that the service ran successfully:

systemctl status prelogin.service

Running Commands with /etc/profile and /etc/profile.d/

The /etc/profile file and the /etc/profile.d/ directory allow you to run commands when a user session starts. This is more suited for customizing the user environment and runs once the user logs in.

Edit /etc/profile and add commands directly to it to make them run at every session start:

nano /etc/profile

Add the following lines:

# Unprivileged users cannot append to files in /var/log, so write to the system log (which adds its own timestamp)
logger -t session_start "Session started for user $USER"

Alternatively, you can create a script in /etc/profile.d/ to achieve similar behavior:

nano /etc/profile.d/prelogin_script.sh

Add your commands to the script:

#!/bin/bash
# Runs as the user who is logging in, who cannot append to files in /var/log; use the system log instead
logger -t session_script "Running session initialization for $USER"

Note: This method is effective for running commands that configure user environments after login, rather than before authentication.

Using Cron Jobs for Boot-Time Execution

Cron jobs can also execute commands at system boot. The @reboot keyword allows for simple boot-time scripts, though these run alongside other startup tasks and are not guaranteed to finish before the login prompt appears.

Open the crontab editor:

crontab -e

Add the following line to run a script at every system boot:

@reboot /path/to/your_command.sh

Log messages from your script can help you verify its execution:

echo "Boot script executed at $(date)" >> /var/log/boot_script.log
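
A check worth running after any of the methods above, added here as an example and not part of the original article: the files they reference run as root or in every user's login shell, so they should be owned by root and not writable by group or others. The function names and the HOOK_OWNER variable are illustrative, and the script assumes a stat that supports -c (GNU coreutils or BusyBox).

```bash
#!/bin/bash
# Added example (not from the original article): audit boot/login hook files.

# Print a verdict for FILE and return 0 only if it is owned by OWNER
# (default: root) and has no group- or world-write bit set.
check_hook_file() {
    hook=$1
    want_owner=${2:-root}
    if [ ! -e "$hook" ]; then
        echo "SKIP  $hook (not present)"
        return 0
    fi
    # -L inspects the target in case the path is a symlink.
    hook_owner=$(stat -L -c '%U' "$hook")
    hook_mode=$(stat -L -c '%a' "$hook")
    if [ "$hook_owner" != "$want_owner" ]; then
        echo "FAIL  $hook owner=$hook_owner (expected $want_owner)"
        return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$hook_mode & 022 )) -ne 0 ]; then
        echo "FAIL  $hook mode=$hook_mode (group/world writable)"
        return 1
    fi
    echo "OK    $hook owner=$hook_owner mode=$hook_mode"
}

# Check every path given as an argument; return the number of failures.
audit_hooks() {
    failures=0
    for f in "$@"; do
        check_hook_file "$f" "${HOOK_OWNER:-root}" || failures=$((failures + 1))
    done
    return "$failures"
}

# Paths from this article; add the real location of your_command.sh.
audit_hooks /etc/rc.local /etc/pam.d/sshd /etc/pam.d/login \
    /etc/systemd/system/prelogin.service /etc/profile \
    /etc/profile.d/prelogin_script.sh || echo "hook files need attention"
```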

Conclusion

Running commands before user login can be essential for configuring the environment, initializing services, or setting up security measures. Each method offers unique benefits and is suitable for different scenarios, so select the approach that best matches your system’s requirements and the specific tasks you wish to perform.