Question : securing a ksh script

I have a ksh script running on AIX6.1, which will be run as a normal user (not root). My script invokes other shell scripts. Here's my script:

# cat menu2.ksh
#!/usr/bin/ksh

clear
echo
print "CSIA RBAC -- CONFIGURACION --"
echo

function settrap {
    trap 'print "You hit control-C!"' INT
}

settrap

print "1) Configurar comandos privados"
print "2) Configurar usuarios en RBAC"
print "3) Salir"

echo
echo "Seleccione la opcion:"
echo

while true; do
  read SELECT
  case $SELECT in
    1)    print "a) Listar los comandos privilegiados activos"
          print "b) Anadir comando a RBAC"
          print "c) Eliminar comando a RBAC"
          while read SELECT2;do
            case $SELECT2 in
              "a") echo "Comandos activos:" && lssecattr -c ALL|grep csia|awk '{print $1}';;
              "b") ./addcmdrbac.ksh;;
              "c") ./delcmdrbac.ksh;;
            esac
            break 2
          done;;
    2)   print "a) option a"
          print "b) option b"
          while read SELECT2;do
            case $SELECT2 in
              "a") print "A selected";;
              "b") print "B selected";;
            esac
            break 2
          done;;

    3) break;;
  esac
  ./menu2.ksh
  # break
done

Question:
How can I prevent any user from aborting my script with Ctrl+C or Ctrl+Z, or another kill or abort signal?
Can I protect this from the main (menu2.ksh) script?

Answer : securing a ksh script

Hi again and sorry!

I overlooked that you're obviously using the legacy version of ksh, which is standard for AIX.

As opposed to the newer ksh93 (which I use for homemade scripts), putting the trap command into a function is not really supported with ksh! It will only work inside the function and not in the calling script!

So you could either switch to ksh93 (by replacing #!/bin/ksh with #!/bin/ksh93, but please check thoroughly for compatibility), or you must relinquish using a function.

Anyway (ksh or ksh93) you could put the "trap" command into an autonomous file and "source" it where needed.

1) Create a file containing just trap "" INT HUP QUIT TERM and call this file e.g. /etc/ignoretrap.

2) Add . /etc/ignoretrap as the second line to whichever script desired. Note the ". " (dot space) preceding settrap! It's important!

And please take care to really ignore the traps using a null string as the command! Printing out a string will in many cases not yield the desired result (continuing the script as if nothing had happened).

wmp
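
The two steps above, as an added example that is not part of the original answer: it compares no trap, a printing trap and the null-string trap, and shows that only the ignored disposition is inherited by child scripts such as the helpers the menu calls. It assumes plain POSIX sh instead of ksh, and the temp files and the names menu.sh, child.sh and run_menu are constructed stand-ins.

```sh
#!/bin/sh
# Added demo. Constructed temp files stand in for /etc/ignoretrap,
# menu2.ksh and a child such as addcmdrbac.ksh (assumption: plain sh).
DEMO_DIR=$(mktemp -d) || exit 1

# Step 1 of the answer: a file holding only the null-string trap.
printf '%s\n' 'trap "" INT HUP QUIT TERM' > "$DEMO_DIR/ignoretrap"
# Contrast: a trap that prints a message, like the question's settrap.
printf '%s\n' 'trap "echo caught" INT HUP QUIT TERM' > "$DEMO_DIR/printtrap"

# Child script: signals itself with $1, then reports if it is still alive.
cat > "$DEMO_DIR/child.sh" <<'EOF'
kill -"$1" $$
echo child-survived
EOF

# Menu script: sources the trap file named in $1 (step 2 of the answer),
# signals itself with $2, then runs the child like the menu runs its helpers.
cat > "$DEMO_DIR/menu.sh" <<'EOF'
if [ -n "$1" ]; then . "$1"; fi
kill -"$2" $$
echo menu-survived
sh "$(dirname "$0")/child.sh" "$2"
EOF

# run_menu <trap-file-or-empty> <signal>: prints what survived, on one line.
run_menu() {
    out=$( { sh "$DEMO_DIR/menu.sh" "$1" "$2"; } 2>/dev/null ) || true
    echo $out   # unquoted on purpose: joins the output lines with spaces
}

echo "no trap:      [$(run_menu '' TERM)]"
echo "print trap:   [$(run_menu "$DEMO_DIR/printtrap" TERM)]"
echo "ignore trap:  [$(run_menu "$DEMO_DIR/ignoretrap" TERM)]"
```

With the printing trap the menu keeps running but the child, which starts with the default disposition, is still killed. SIGKILL and SIGSTOP cannot be trapped or ignored by any shell, and Ctrl+Z sends TSTP, which is not in the list above.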
