HPE Community
Operating System - HP-UX
1834598 Members
4151 Online
110069 Solutions
New Discussion

block user

 
SOLVED
Go to solution
ashish_24
Occasional Advisor

‎04-15-2004 05:25 PM

‎04-15-2004 05:25 PM

block user

hey friends,

in my company there r some users who share login i want that at a time nomore than two users with same username can login..for eg:--username 'ashish' cannot be used more than two times... if any user does than a message is displayed...Please try after some time..

thanx in advance
0 Kudos
Reply
6 REPLIES 6
Trond Haugen
Honored Contributor

‎04-15-2004 05:39 PM

‎04-15-2004 05:39 PM

Re: block user

Don't know how to do that but I would definitely not encurrage having more than one person using a login. Or put another way; if you do, why limit it to two?
If you MUST I guess some scripting in the profile is the best I can come up with.

NUMBER=$(who | grep whoami | wc -l)
if [ $NUMBER -gt 2 ]
then
echo "Please try after some time.."
exit
fi

Regards,
Trond
Regards,
Trond Haugen
LinkedIn
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎04-15-2004 05:47 PM

‎04-15-2004 05:47 PM

Solution

Re: block user

This question has been asked before, though in most cases with the request to be able to login only once...

The simplest solution is to use the .profile of the user (if using a normal posix shell, the default. If using csh, you need to use .login) to check and block multiple sessions of the user, in your case when two sessions are active.

The check would become something like this:
if [ $(who | grep ashish | wc -l) -gt 2 ]
then
echo "Too many sessions active already. Please try again later."
exit
fi

Mind that this shouldn't be editable by the users and non-interuptable! Non-interuptable can be done by ignoring all signals in the beginning of the profile:
trap "" 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
And at the end, before leaving:
trap - 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

To make in un-editable you would need to put it in /etc/profile, which is not editable for the normal users. But then you need to make sure the user trying to login is ashish too.
Every problem has at least one solution. Only some solutions are harder to find.
Reply
ashish_24
Occasional Advisor

‎04-15-2004 06:03 PM

‎04-15-2004 06:03 PM

Re: block user

hey mr haugen
ur reply is not working, as u are trying to grep whoami text in the output of who but if u write the username in place of whoami or $(loganame)...i used $(logname) and it worked...anyway thanx for ur help.. rest of ur code was ok..

ashish

0 Kudos
Reply
Trond Haugen
Honored Contributor

‎04-15-2004 06:06 PM

‎04-15-2004 06:06 PM

Re: block user

Yes ashish you are right.
Think I'll need another caffee. Here is the corrected script as you pointed out.

NUMBER=$(who | grep $(whoami) | wc -l)
if [ $NUMBER -gt 2 ]
then
echo "Please try after some time.."
exit
fi

Regards,
Trond
Regards,
Trond Haugen
LinkedIn
0 Kudos
Reply
ashish_24
Occasional Advisor

‎04-15-2004 06:18 PM

‎04-15-2004 06:18 PM

Re: block user

thank u mr kolkman,

ur solution was perfect especially the trap sequence and .profile moving to /etc dir...but i thenk we can do it one more way if we change ownership of .profile to that of root and make it readonly ....will that work...bye

thanx to all who helped me
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎04-15-2004 06:33 PM

‎04-15-2004 06:33 PM

Re: block user

That might work, but then you also need to change the ownership of the home directory, otherwise the user might do a rename of .profile (he is by default the owner of his own homedirectory, so he may write it and move files around in it, even though he is not the owner of the file) and re-create a .profile, using the old .profile as starting point:

mv .profile .profile.root
cat .profile.root > .profile
chmod 755 .profile

Now he is owner and can change things in it as he wishes. That's why I suggested using /etc/profile.
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.