HPE Community
Operating System - HP-UX
1833748 Members
2974 Online
110063 Solutions
New Discussion

How to allow user login only one time.

 
SOLVED
Go to solution
Kennethyap
Frequent Advisor

‎06-28-2005 08:53 PM

‎06-28-2005 08:53 PM

How to allow user login only one time.

Dear Expert,
I have many user login to server but how to dis-allow user login many time?
Any security require to setup ?
0 Kudos
Reply
8 REPLIES 8
Yogeeraj_1
Honored Contributor

‎06-28-2005 09:02 PM

‎06-28-2005 09:02 PM

Solution

Re: How to allow user login only one time.

hi,

this is possible! below a quote from "man login"


Refer to the /etc/default/security file in the security(4) man page for detailed information on configurable parameters that affect the behavior of this command. Currently supported parameters are:

ABORT_LOGIN_ON_MISSING_HOMEDIR

NOLOGIN

NUMBER_OF_LOGINS_ALLOWED


hope this helps!
regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
Muthukumar_5
Honored Contributor

‎06-28-2005 09:16 PM

‎06-28-2005 09:16 PM

Re: How to allow user login only one time.

You can use /etc/default/security by configuring, NUMBER_OF_LOGINS_ALLOWED parameter.

Else, with /etc/profile file as,

if [[ $(users | grep $LOGNAME|wc -w) -gt 2 ]]
then
echo "User name $LOGNAME is having more sessions. Try later"
sleep 2
exit 1
fi
hth.
Easy to suggest when don't know about the problem!
Reply
Cem Tugrul
Esteemed Contributor

‎06-28-2005 10:45 PM

‎06-28-2005 10:45 PM

Re: How to allow user login only one time.

Kennethyap,

i sometimes use Muthukumar's way and
believe me it always works...

Good Luck,
Our greatest duty in this life is to help others. And please, if you can't
Reply
doug hosking
Esteemed Contributor

‎07-11-2005 06:41 AM

‎07-11-2005 06:41 AM

Re: How to allow user login only one time.

Patch PHCO_27694 or equivalent may be required for correct behavior if you use the /etc/default/security method.
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎07-11-2005 03:03 PM

‎07-11-2005 03:03 PM

Re: How to allow user login only one time.

Just write a small script and initiate it in the .profile of users you don't want to log in again.

In this script you initiate a small command after 1 min of login which writes a "exit" at the end of .profile

So once they have logged in, they won't be able to log in again.

Something like:
echo exit >> $HOME/.profile
Vibhor Kumar Agarwal
Reply
Borislav Perkov
Respected Contributor

‎07-11-2005 08:35 PM

‎07-11-2005 08:35 PM

Re: How to allow user login only one time.

Hi,
You can put this line at the end of .profile in home directory.

[[ `who | grep | wc -l ` -gt 1 ]] && exit

for the you want to restrict
Regards
Reply
doug hosking
Esteemed Contributor

‎07-12-2005 09:22 AM

‎07-12-2005 09:22 AM

Re: How to allow user login only one time.

[[ `who | grep | wc -l ` -gt 1 ]] && exit

is unlikely to be reliable. Suppose I'm grepping for root and there are users named shroot, root37, etc. logged in. How would this affect the results of the grep and wc commands?

This is perhaps a relatively harmless example of some potentially deadly problems with unanchored greps.

I remember years ago a junior operator tried to impress his boss by writing a shell script that tried to be equivalent to the HP-UX 'userdel' command. It took the argument (a user name) as the name of the account to delete, looked for the home directory of that user, and clobbered the home directory before removing the relevant line from /etc/passwd. At least that was the way the script was supposed to work.

The operator carefully tested the script under all of the conditions he could think of. He worked very hard on it whenever he had a few minutes before changing backup tapes.

Weeks passed. He was almost ready to show the boss to try to impress him, but decided to do one more test to make sure his code was perfect... The final test:

# rmuser hi

OK, what's in /etc/passwd that matches 'hi' ?

root::0:3:The devil himself:/:/sbin/sh
hi::12:35:A test user:/home/hi:/usr/bin/ksh

Oh, 'hi' matches the first part of 'himself' so I'll just cd to / and rm -rf it. Oops! That's not what I meant!!!

Needless to say, the operator did not get the promotion he was hoping for, and learned a very valuable lesson about anchored searches in grep!
Reply
Biswajit Tripathy
Honored Contributor

‎07-12-2005 04:57 PM

‎07-12-2005 04:57 PM

Re: How to allow user login only one time.

Kennethyap,
I would fully agree with Doug Hosking's
suggestion. While using grep, be very
careful.

Note also that the $HOME/.profile is owned by
the user, so nothing stops him/her from
deleting the lines you just added. Putting
the script in /etc/profile is also open to
abuse as the user can use "Ctrl+|" to stop
execution of /etc/profile (as one of the
above post suggests "sleep 2" in the script
before exit, it would be even easier to
terminate /etc/profile and negate what you
are trying to achieve.

The correct way is to use /etc/default/security file as suggested by
many above.

- Biswajit
:-)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.