Solved

forced logout for a user based on certain condition

Posted on 2003-10-31
8
416 Views
Last Modified: 2013-12-26
I want through shell programing, when the user login, if certain conditions are not true, then the user is not allowed to login and automatically logout

In dotprofile (.profile) of the particular login, I execute a small file
which contains shell commands.  when the user login, the file from .profile is executed but when the conditions are false, still the system comes to dollor($) prompt of the login, thereby allowing the user to continue his work.  

I have used EXIT command to automatic logout in my shell programming file.  But the EXIT command only exit from that program but does not logout the user.

How to logout the user automatically when he login and certain login conditions are fail.



0
Comment
Question by:lingamgr
8 Comments
 
LVL 7

Expert Comment

by:glassd
ID: 9657253
You must do the tests in .profile. If you run the tests in a separate script, then return a value and get .profile to exit dependant on the return value.

If this still does not work, try putting the tests into /etc/profile (or similar, depends on OS version). This is read before the user's .profile. An exit command in here should log the user out again. I have used this method successfully on Irix.

0
 

Expert Comment

by:rishisk
ID: 9660432
Though I agree that glassd's solution is an elegant one, it is possible to logout using the kill command like follows

--------------
File .profile
-------------
#Invoke your script preferably at the last line of the .profile. Here $$ stands for the current process id, which will be passed as an argument to the validate.sh
validate.sh $$

--------------------
File validate.sh
--------------------
#Store the parent process id in a variable as the first line
parent_id=$1

#Validate your condition here at the end and call the kill command if the condition fails, in the following order to ensure the parent gets killed before the current process.
kill -9 $parent_id $$
0
 
LVL 7

Expert Comment

by:glassd
ID: 9661458
The method proposed by rishisk is, perhaps, quite a neat way of doing the same thing.

Yet another is to kill the login session itself. for example in Solaris:

   pkill dtsession

should kill the dtsession process, which is your current session, and put you back to the login screen.

Spoilt for choice.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 48

Expert Comment

by:Tintin
ID: 9661867
What Unix flavour are you using?

On Solaris, if the file /etc/nologin exists, only root can login.

On Redhat (and possibly other Linux distributions), you can use the file /etc/nologin.txt, which you can enter in some text to display before the user is logged off.

You'd be best to use a standard system way of implementing it, if available on your system, rather then inventing your own method.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9662895
in the .profile, if you put

/path-to/you-little-script

it will not work, because exit only effect the shell of you-little-script

if you do
. /path-to/you-little-script

that's dot SPACE /path-to/you-little-script, will work for you.
0
 
LVL 3

Accepted Solution

by:
elfie earned 50 total points
ID: 9685568
The best way forwrda is that you replace the login shell by a script. So instead of starting up ksh, csh, bash, ... you start up a script.

in this script you do all your testing, and once access igranted you perfomr an
'exec your-shell'.

This way users can't sheat  and the admin has total control on which users can login.

This way you don't need an exit command, in case users may not logon, the initial script just stops.

If you put all the tests in the .profile, the users can modify these, because they -normally- have full control over the .profile
0
 
LVL 18

Expert Comment

by:liddler
ID: 10191622
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by elfie

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0

Featured Post

ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
not able to insert into temp table 68 162
modThree challenge 4 90
tripleUp challenge 7 78
ShiftLeft challenge 21 80
Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
Introduction: Ownerdraw of the grid button.  A singleton class implentation and usage. Continuing from the fifth article about sudoku.   Open the project in visual studio. Go to the class view – CGridButton should be visible as a class.  R…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question