Operating System - HP-UX
1833883 Members
1572 Online
110063 Solutions
New Discussion

Re: how to prevent users logging in more than once?

 
inventsekar_1
Respected Contributor

how to prevent users logging in more than once?

i like to know how to prevent users from logging in thru telnet more than once in a hpux(any version) system.
i like to know the same thing for sun solaris.
thanks in advance.
Be Tomorrow, Today.
10 REPLIES 10
Enrico P.
Honored Contributor

Re: how to prevent users logging in more than once?

Hi,
in the user .profile you can add a line that start a script like this:

number_conn=who|grep -c username

if [ $number_conn > num_conn_you_want ]; then
exit
fi

The script should not have write permission for user

Enrico
Enrico P.
Honored Contributor

Re: how to prevent users logging in more than once?

Sorry the user can modify him .profile ...

Enrico
rariasn
Honored Contributor

Re: how to prevent users logging in more than once?

Hi sekar,

HPUX:

Modify file /etc/security/defaults

NUMBER_OF_LOGINS_ALLOWED
This parameter controls the number of simultaneous
logins allowed per user. This is applicable only for
non-root users.

NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are
allowed per user.

NUMBER_OF_LOGINS_ALLOWED=N N number of logins are
allowed per user.

Default value: NUMBER_OF_LOGINS_ALLOWED=0

man security

rgs,

ran


Steven E. Protter
Exalted Contributor

Re: how to prevent users logging in more than once?

Shalom

in /etc/profile

LOGINS=$(who | grep $LOGNAME |wc -l)
if [ $LOGINS -ge 1 ]
echo "Multiple logins not permitted. bad little boys and girls.... Shame on you."
exit 1
else
"Logging in a well behaved user"
fi

Don't use my text, I'm trying to be funny.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: how to prevent users logging in more than once?

Shalom

in /etc/profile

LOGINS=$(who | grep $LOGNAME |wc -l)
if [ $LOGINS -ge 1 ]
echo "Multiple logins not permitted. bad little boys and girls.... Shame on you."
exit 1
else
echo "Logging in a well behaved user"
fi

Don't use my text, I'm trying to be funny.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
inventsekar_1
Respected Contributor

Re: how to prevent users logging in more than once?

1.) /etc/profile files permission is -r--r--r--. if i write the scripte in this file, user cannot edit it. ie user only can read that. no write permission to users. right?

2.) is this same for sun solaris also?
Be Tomorrow, Today.
TKeller
Frequent Advisor

Re: how to prevent users logging in more than once?

Since I've always been one to make everything as redundant as possible, I'd do the following:

1: put a logon script inside /etc/skel/.profile that does what above scripts do with logon checks. Make sure it's owned by a user like bin and group-owned by bin (or root/bin), and chmod'd 444.

2: for existing users, do something like this:

for i in `cat /etc/passwd | awk -F: '{ if ( $3 >= 100 ) { print $1 } }'`
do
cp /etc/skel/.profile /home/$i/.profile
chmod 444 /home/$i/.profile
done

This way you secure the .profile against typical modifications and everyone's covered with step #2. The only problem would be specific users who have sudo access that allows them to vi, pico, whatever.
It is said you should treat your body like a temple. I treat mine like an amusement park.
Bill Hassell
Honored Contributor

Re: how to prevent users logging in more than once?

The file to control logins is /etc/profile (unless you have some csh users) and no user can change this file except root. The /etc/defaults/security is meaningless for early versions of HP-UX and some options don't work (and do not produce any error messages) if all the security patches are not installed. There is no way to protect .profile because users (normally) have write access to their $HOME directory. So even if you replace all the .profile files every day, users will just remove or rename the file no matter what permissions and ownership you give to .profile (and users will get angry if you blow away their customizations in .profile).

/etc/profile is executed by all POSIX shells including ksh, bash and HP's POSIX shell, and also by the Bourne shell (/usr/old/bin/sh in HP-UX). The man page for each shell gives the details about startup (login).


Bill Hassell, sysadmin
TKeller
Frequent Advisor

Re: how to prevent users logging in more than once?

Yeah, it's rather interesting how a 444 file not owned or group-owned by the user or their group can be overwritten. Kinda defeats the purpose of setting an initial /etc/skel/.profile that gets moved in on a user creation.
It is said you should treat your body like a temple. I treat mine like an amusement park.
Bill Hassell
Honored Contributor

Re: how to prevent users logging in more than once?

Actually, it is basic permission rules for all Unix flavors. A file's contents (only) are protected by the file's permission. But the file's existence (mv or rm) have nothing to do with file permissions. The directory permissions control the existence of the files inside. For a complete answer, you can set the 'sticky' bit for a directory so that only the owner of a file or the owner of the directory can remove or rename a file. But the user's HOME directory needs to owned by the user so that option doesn't work. You'll find the sticky bit often set on /tmp and /var/tmp.


Bill Hassell, sysadmin