User Open Only One Login session?
2007-12-25 11:33:00
Thanks Ericka
My Question was :
>
> Friends -
> Any idea How can we restrict the user to not open more then one session at
a
> time(User Level) ......
Best Regards,
Dr. Malahat Qureshi
Unix Solutions,
Allstate Insurance Co. IL
Ph: (847) 402-5535
Page: (800) sky-8888 Pin# 1875275
web: www.skytel.com
INFODOC ID: 17842
SYNOPSIS: How does one limit the number of logins?
DETAIL DESCRIPTION:
Users are logging in many times from the same system to my server and the
load is killing it.
How do I limit the number of times a user can log in?
Write a script to "wrap" the user's shell.
It has to be executable and readable by anyone but for security sake
writable only by root.
It should do whatever testing you'd like and if the login passes then do
an 'exec <shell>' at the end.
The user's passwd entry should point to the script's location.
Below is an example.
Example explained
---------------------
The example is written to allow any number of logins to a machine but not
more then one from a particular machine.
An easier script would just limit the number of logins regardless of their
origin.
I call the script below lcsh (limited C shell).
Place it any where on your system and make it executable.
A lcsh user's passwd entry might look like this:
dsweet:x:12345:10:David J. Sweet:/home/dsweet:/usr/local/bin/lcsh
Premissions on lcsh should look something like this:
# ls -l /usr/local/bin/lcsh
-rwxr-xr-x 1 root other 614 Sep 29 01:12 /usr/local/bin/lcsh*
Since some users may not like a given shell you'll have to create similar
scripts like lsh and lksh.
If some users need more logins then others then a lcsh5 might be necessary.
Just copy them over and change either the MAXLOGIN or THESHELL lines
appropriately.
Example
-------
#!/sbin/sh
#MODIFY THE FOLLOWING VARIABLES TO CUSTOMIZE LCSH
MAXLOGINS=1
THESHELL=/usr/bin/csh
#END
USR=`/usr/ucb/whoami`
WHO=/usr/bin/who
GREP=/usr/bin/grep
AWK=/usr/bin/awk
TTY=/usr/bin/tty
TTYDEV=`$TTY | $AWK -F\/ ' { print $3 "/" $4 } '`
export TTYDEV
RHOST=`$WHO | $GREP $TTYDEV | $AWK ' { print $6 } '`
export RHOST
NOLOGIN=0
for MACH in `$WHO|$GREP $USR|$GREP -v $TTYDEV|$AWK ' { print "\"" $6 "\"" }
'`
do
if [ "$MACH" = "\"$RHOST\"" ]
then
NOLOGIN=`echo "1 + $NOLOGIN" | /usr/bin/bc`
fi
done
if [ "$NOLOGIN" -ge "$MAXLOGINS" ]
then
echo "too many logins"
exit
else
exec $THESHELL
fi
Example is action
----------------
february:/home/dsweet 1 % telnet march
Trying 123.456.78.90...
Connected to march.
Escape character is '^]'.
UNIX(r) System V Release 4.0 (march)
login: dsweet
Password:
Last login: Tue Sep 29 04:28:45 from march
march:/home/dsweet 1 % echo $SHELL
/usr/local/bin/lcsh
march:/home/dsweet 2 % telnet march
Trying 123.456.78.90...
Connected to march.
Escape character is '^]'.
UNIX(r) System V Release 4.0 (march)
login: dsweet
Password:
Last login: Tue Sep 29 04:51:43 from march
too many logins
Connection closed by foreign host.
march:/home/dsweet 3 % exit
march:/home/dsweet 4 % Connection closed by foreign host.
february:/home/dsweet %
S
U BEFORE POSTING please READ the FAQ located at
N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
. and the list POLICY statement located at
M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
A To submit questions/summaries to this list send your email message to:
N sun-managers@codeprof.ececs.uc.edu
A To unsubscribe from this list please send an email message to:
G majordomo@codeprof.ececs.uc.edu
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:
I http://www.latech.edu/sunman.html
S
T
Comments
Got something to say?
You must be logged in to post a comment.
