If you run a server, you probably end up having to run commands that
require passwords. Some programs handle passwords a lot better than
others, such as MySQL. If you don’t specify a password in MySQL but
-p argument, your password won’t be visible. But if you
create a new user or change your password that’s a different story.
There are also some programs that may require sensitive information
directly from the command line or commands that you want to run once
the user exits of the shell.
This tutorial, if it can be called that since it’s so short, will teach
you how to run a bash script when you log out of your linux server.
This will only work with users who use the bash shell. This won’t work
if you have a GUI installed. Also, if you use
sudo, which you should,
this won’t work unless you initiate
sudo using the command of
-iu root instead of just
sudo su. The argument
-i specifies sudo
to simulate the initial login of that user and the
-u specifies the
user to login as. If you are logging in as root, you can just use the
Now we create the script we want to run when the user exits the shell
using one of the methods such as
exit or using the key
Control + D. Every user can have a different script
execute when they log out, but for my server I have all users running
the same script so I also added the script to
/etc/skel/ so new users
will get the script by default.
Create the Script
Visit a user directory, and check to see if their home directory
contains the file
.bash_logout. Most of the time this will file exist
with code that will clear the console. If you don’t have this file you
can create your own easily using the command
Edit the file by using your favorite text editor, I usually end up
vi since it comes with Debian, but
nano is also a good
alternative and is more user friendly.
Enter any commands you want into this file. The file is just a bash script which will allow you to add logic and more if required. Keep in mind the permissions the user will have when running these commands since the script will run using the current user’s permissions.
# ~/.bash_logout: executed by bash(1) when login shell exits. # when leaving the console clear the screen to increase privacy if [ "$SHLVL" = 1 ]; then [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q fi # delete history history -a cat /dev/null > $HOME/.mysql_history cat /dev/null > $HOME/.bash_history
I have the above code clear the console (the default .bash_logout
functions) but at the end I added the
delete history functions which
will clear out the files of
in case any passwords were in plain text in those two files. You can
add anything you like to this file as long as the user has permissions
to execute it.
To explain a little bit about the code I inserted at the end, the first
call is to
history -a which will append all the new history commands
to the file and flush it. This is required since the history file isn’t
flushed until after the connection is closed. If you don’t call this
command, the history file will only deleted commands from the previous
session and not the one that just occurred.
The next two lines are simply taking the contents of
inserting them into the two history files. This is a lot easier than
deleting the files and creating them again.
Create Script for All Users
To use the same logout script for all users, save it to the directory
/etc/skel which is used by Debian as the layout for new user’s home
folders. I am unsure if other operating systems use the same directory.
You will then have to copy the file
/etc/skel/.bash_logout to all
users that currently exist. Sadly since the function
cp doesn’t allow
multiple destinations you will have to write a bash script that will
perform this action for you, or you could just manually copy the files
if you only have a few users like I did. Below are a few links to
scripts that may help you on copying the file to all home directories.