forced logout for a user based on certain condition

I want through shell programing, when the user login, if certain conditions are not true, then the user is not allowed to login and automatically logout

In dotprofile (.profile) of the particular login, I execute a small file
which contains shell commands.  when the user login, the file from .profile is executed but when the conditions are false, still the system comes to dollor($) prompt of the login, thereby allowing the user to continue his work.  

I have used EXIT command to automatic logout in my shell programming file.  But the EXIT command only exit from that program but does not logout the user.

How to logout the user automatically when he login and certain login conditions are fail.



lingamgrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

glassdCommented:
You must do the tests in .profile. If you run the tests in a separate script, then return a value and get .profile to exit dependant on the return value.

If this still does not work, try putting the tests into /etc/profile (or similar, depends on OS version). This is read before the user's .profile. An exit command in here should log the user out again. I have used this method successfully on Irix.

0
rishiskCommented:
Though I agree that glassd's solution is an elegant one, it is possible to logout using the kill command like follows

--------------
File .profile
-------------
#Invoke your script preferably at the last line of the .profile. Here $$ stands for the current process id, which will be passed as an argument to the validate.sh
validate.sh $$

--------------------
File validate.sh
--------------------
#Store the parent process id in a variable as the first line
parent_id=$1

#Validate your condition here at the end and call the kill command if the condition fails, in the following order to ensure the parent gets killed before the current process.
kill -9 $parent_id $$
0
glassdCommented:
The method proposed by rishisk is, perhaps, quite a neat way of doing the same thing.

Yet another is to kill the login session itself. for example in Solaris:

   pkill dtsession

should kill the dtsession process, which is your current session, and put you back to the login screen.

Spoilt for choice.
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

TintinCommented:
What Unix flavour are you using?

On Solaris, if the file /etc/nologin exists, only root can login.

On Redhat (and possibly other Linux distributions), you can use the file /etc/nologin.txt, which you can enter in some text to display before the user is logged off.

You'd be best to use a standard system way of implementing it, if available on your system, rather then inventing your own method.
0
yuzhCommented:
in the .profile, if you put

/path-to/you-little-script

it will not work, because exit only effect the shell of you-little-script

if you do
. /path-to/you-little-script

that's dot SPACE /path-to/you-little-script, will work for you.
0
elfieCommented:
The best way forwrda is that you replace the login shell by a script. So instead of starting up ksh, csh, bash, ... you start up a script.

in this script you do all your testing, and once access igranted you perfomr an
'exec your-shell'.

This way users can't sheat  and the admin has total control on which users can login.

This way you don't need an exit command, in case users may not logon, the initial script just stops.

If you put all the tests in the .profile, the users can modify these, because they -normally- have full control over the .profile
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
liddlerCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by elfie

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.