
MMcNamara
Occasional Contributor

Limit user access to 3 sessions only

HP-UX 11.0
I wish to limit user access to a maximum of 3 login sessions each and also allow a small group of users unlimited login access.

I have changed the Number_of_logins_allowed to 3 in /etc/default/security

What else do I need to do?
eran maor
Honored Contributor

Re: Limit user access to 3 sessions only

Hi

There isn't any param that you can use, but I found this method to do the job.

To restrict multiple logins:

You can prevent a user from logging in multiple times by
placing the following lines in the user's .profile:

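# Limit number of logins allowed
Times_allowed=3
# Count only this user's sessions; the anchored match keeps "bob" from also counting "bobby"
Time_in=`who | grep -c "^$LOGNAME "`
if [ "$Time_in" -gt "$Times_allowed" ]
then
    echo "$LOGNAME is already logged in $Times_allowed times!"
    # exit ends the login shell; the "exec /bin/login" that followed it was never reached
    exit
fi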

chmod 444 and chown root .profile

If the user attempts to login while that login name is already in
use, the user will get logged out again. A limited number of multiple
logins can be allowed by changing the Times_allowed to the acceptable
number of logins.


love computers
Ken Hubnik_2
Honored Contributor

Re: Limit user access to 3 sessions only

There is a built-in Terminal Session Manager, TSM.

man tsm
Nick Wickens
Respected Contributor
Solution

Re: Limit user access to 3 sessions only

The way I did this was to add an entry into the 5th "comment" field of /etc/passwd to indicate the number of logins. In our case we store title, name, department and number of logins in this field - for example -
Alan Titchmarch,Mr,IT_TEAM,2

I then have some scripting in a global profile which looks at this field and limits additional logins beyond this figure.

This way you can specify different levels.

The scripting in my global profile is -

#############################################
# Step to limit Shell Logins if fourth field of /etc/passwd
# description field is set to a numeric limit.
# ie fred flintstone,Mr,ROCK_TEAM,2 sets limit to 2 sessions
# NXW - 29/10/01
#############################################
USER=$(whoami)
# Accounts matching this pattern are not limited
echo "$USER" | egrep -q '(informix|dba)'
if [ ! $? -eq 0 ]
then
    trap "exec exit" INT
    TMPLOG=/tmp/login_limit.tmp
    DATE=$(date)
    # Fourth comma-separated item of the comment (5th) field
    LIMIT=$(grep "^$USER:" /etc/passwd | cut -d":" -f5 | cut -d"," -f4)
    # Number of ksh login shells the user already has
    COUNT=$(ps -fu"$USER" | grep "$USER" | grep "\-ksh" | grep -v grep | wc -l)
    # Enforce only when a non-zero limit is present
    if [ -n "$LIMIT" ] && [ "$LIMIT" -ne 0 ]
    then
        if [ "$COUNT" -gt "$LIMIT" ]
        then
            echo "Sorry you are only allowed $LIMIT session(s) - Press Enter \c"
            read NOTHING
            echo "$DATE - $USER with $COUNT shells active tried to exceed $LIMIT sessions" >> $TMPLOG
            ps -fu"$USER" | grep "$USER" | grep -v grep >> $TMPLOG
            exit
        fi
    fi
fi
Hats ? We don't need no stinkin' hats !!
Sridhar Bhaskarla
Honored Contributor

Re: Limit user access to 3 sessions only

Hi,

I don't think there is any configuration file that can help you with achieving both of them.

I would suggest you create a file with the following configuration

cat /etc/myuser.conf
user1:3
user2:3
user3:2
user4:x

Now append this small check after the "trap" line in your /etc/profile

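ME=$(whoami)
# -F: sets the separator before the first line is read; $1 == u is an exact name match
LOGINS_ALLOWED=$(awk -F: -v u="$ME" '$1 == u {print $2}' /etc/myuser.conf)
# Anchored match so user1 is not counted together with user10
CURRENT_LOGINS=$(w | grep -c "^$ME ")

if [ "${CURRENT_LOGINS}" -gt "${LOGINS_ALLOWED}" ]
then
    clear
    echo "You exceeded number of logins"
    exit
fi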


Write a corresponding c-shell script and put it in /etc/csh.login

You can alter your /etc/myuser.conf for any user for any number of logins.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
MMcNamara
Occasional Contributor

Re: Limit user access to 3 sessions only


Sorry, I may have led you astray.. I should have said -> I wish to limit users' access - not just one user....
What I want is the default login sessions to be 3 for almost all users and a small number of users with unlimited access.

Thanks,
Sridhar Bhaskarla
Honored Contributor

Re: Limit user access to 3 sessions only

Corrections ..


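ME=$(whoami)

# Only users listed in /etc/myuser.conf are checked
grep "^$ME:" /etc/myuser.conf > /dev/null 2>&1

if [ $? = 0 ]
then
    # -F: sets the separator before the first line is read; $1 == u is an exact name match
    LOGINS_ALLOWED=$(awk -F: -v u="$ME" '$1 == u {print $2}' /etc/myuser.conf)

    CURRENT_LOGINS=$(w | grep -c "^$ME ")

    if [ "${CURRENT_LOGINS}" -gt "${LOGINS_ALLOWED}" ]
    then
        clear
        echo "You exceeded number of logins"
        exit
    fi
fi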

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Ken Hubnik_2
Honored Contributor

Re: Limit user access to 3 sessions only

In the config file for TSM you can specify the number of sessions a user can have when they login.
Jose Mosquera
Honored Contributor

Re: Limit user access to 3 sessions only

Hi,

Definition in /etc/default/security file must be in caps, i.e:

NUMBER_OF_LOGINS_ALLOWED=3

This applies for non-root users (su excluded)

Rgds.
Jose Mosquera
Honored Contributor

Re: Limit user access to 3 sessions only

Hi Again,

Have you installed PHCO_26089 patch (or replacement if superseded) in your box?

Rgds.
Nick Wickens
Respected Contributor

Re: Limit user access to 3 sessions only

My answer above will let you specify different number of login sessions on a user by user basis but you will need to amend it according to what shell you use etc.
Hats ? We don't need no stinkin' hats !!
Pete Randall
Outstanding Contributor

Re: Limit user access to 3 sessions only

Nick's got the answer for you - the only thing I would suggest is to use pwget to access the password info - see man pwget(1).

Pete

Dietmar Konermann
Honored Contributor

Re: Limit user access to 3 sessions only

... and the suid bit should be removed from /usr/bin/chfn.

:-) Dietmar.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
MMcNamara
Occasional Contributor

Re: Limit user access to 3 sessions only

Hi all,

Thanks for all the replies..
I have decided to go with Nick's advice and change the password file to include a user limit against each user and add the script to our common login profile.

On a side issue - does anyone think this will slow down a user login process and lead to greater password file administration?

Original issue closed.
Dietmar Konermann
Honored Contributor

Re: Limit user access to 3 sessions only

BTW, I was not joking... a user can use chfn(1) to change his comment field in /etc/passwd. It's no problem to modify the addtl. 5th field with it.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
Sridhar Bhaskarla
Honored Contributor

Re: Limit user access to 3 sessions only

Hi,

I would not suggest using /etc/passwd as the GECOS field is modifiable by the user.

Use your own configuration file as I indicated. You can configure it only for the users that you want to put restrictions on.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
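
An added example, not code from any poster in this thread: one way to write the root-owned limits file check so that it covers the original request (3 sessions by default, a few accounts unlimited) and matches the user name exactly, so oper1 is not counted together with oper10. The file format, the reading of "x" as unlimited, the function names and the sample data are assumptions.

```sh
#!/bin/sh
# Added example: file format, "x" = unlimited, and all names are assumptions.
# Limits file: one "user:limit" per line; unlisted users get DEFAULT_LIMIT.
DEFAULT_LIMIT=3

# Print the limit for user $1 from file $2: a number, or "unlimited".
limit_for() {
    [ -r "$2" ] || { echo "$DEFAULT_LIMIT"; return 0; }
    awk -F: -v u="$1" -v d="$DEFAULT_LIMIT" '
        $1 == u { v = $2; found = 1; exit }   # exact match on the name field
        END {
            if (!found) v = d
            if (v == "x") print "unlimited"
            else if (v ~ /^[0-9]+$/) print v
            else print d                       # malformed entry: use the default
        }' "$2"
}

# Count sessions of user $1 in who(1) output read from stdin.
count_sessions() {
    awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# Exit status 0 if the login may proceed, 1 if it exceeds the limit.
# $1 user, $2 limits file; stdin is who(1) output, which already
# includes the session being checked.
login_allowed() {
    lim=$(limit_for "$1" "$2")
    [ "$lim" = "unlimited" ] && return 0
    [ "$(count_sessions "$1")" -le "$lim" ]
}

# Constructed sample data, not taken from the thread.
CONF=$(mktemp) && trap 'rm -f "$CONF"' EXIT
printf 'oper1:2\ndba:x\n' > "$CONF"
WHO_SAMPLE='oper1   pts/0  Jan 10 09:00
oper10  pts/1  Jan 10 09:01
oper1   pts/2  Jan 10 09:02
oper1   pts/3  Jan 10 09:03
dba     pts/4  Jan 10 09:04'

for u in oper1 oper10 dba; do
    if printf '%s\n' "$WHO_SAMPLE" | login_allowed "$u" "$CONF"; then
        echo "$u: allowed"
    else
        echo "$u: refused, limit is $(limit_for "$u" "$CONF")"
    fi
done
```

In /etc/profile the call would be: who | login_allowed "$(whoami)" /etc/myuser.conf || exit. The limits file has to be owned by root and not writable by users, otherwise it has the same weakness as the chfn-editable comment field.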
Jose Mosquera
Honored Contributor

Re: Limit user access to 3 sessions only

Hi again,

I think that this is due to the deficiency of a patch, on 11.0 you must install PHCO_27721

Look at a symptom solved by this patch:

When the maximum number of logins to the system allowed for each user is specified by the NUMBER_OF_LOGINS_ALLOWED field in the /etc/default/security file, users whose names are longer than 4 bytes are treated as the same user if the first 4 bytes of the user names are identical.


Rgds.
M.sureshkumar
Regular Advisor

Re: Limit user access to 3 sessions only

I work on hp-ux 10.20.