Solved

forced logout for a user based on certain condition

Posted on 2003-10-31
8
418 Views
Last Modified: 2013-12-26
I want through shell programing, when the user login, if certain conditions are not true, then the user is not allowed to login and automatically logout

In dotprofile (.profile) of the particular login, I execute a small file
which contains shell commands.  when the user login, the file from .profile is executed but when the conditions are false, still the system comes to dollor($) prompt of the login, thereby allowing the user to continue his work.  

I have used EXIT command to automatic logout in my shell programming file.  But the EXIT command only exit from that program but does not logout the user.

How to logout the user automatically when he login and certain login conditions are fail.



0
Comment
Question by:lingamgr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 7

Expert Comment

by:glassd
ID: 9657253
You must do the tests in .profile. If you run the tests in a separate script, then return a value and get .profile to exit dependant on the return value.

If this still does not work, try putting the tests into /etc/profile (or similar, depends on OS version). This is read before the user's .profile. An exit command in here should log the user out again. I have used this method successfully on Irix.

0
 

Expert Comment

by:rishisk
ID: 9660432
Though I agree that glassd's solution is an elegant one, it is possible to logout using the kill command like follows

--------------
File .profile
-------------
#Invoke your script preferably at the last line of the .profile. Here $$ stands for the current process id, which will be passed as an argument to the validate.sh
validate.sh $$

--------------------
File validate.sh
--------------------
#Store the parent process id in a variable as the first line
parent_id=$1

#Validate your condition here at the end and call the kill command if the condition fails, in the following order to ensure the parent gets killed before the current process.
kill -9 $parent_id $$
0
 
LVL 7

Expert Comment

by:glassd
ID: 9661458
The method proposed by rishisk is, perhaps, quite a neat way of doing the same thing.

Yet another is to kill the login session itself. for example in Solaris:

   pkill dtsession

should kill the dtsession process, which is your current session, and put you back to the login screen.

Spoilt for choice.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 48

Expert Comment

by:Tintin
ID: 9661867
What Unix flavour are you using?

On Solaris, if the file /etc/nologin exists, only root can login.

On Redhat (and possibly other Linux distributions), you can use the file /etc/nologin.txt, which you can enter in some text to display before the user is logged off.

You'd be best to use a standard system way of implementing it, if available on your system, rather then inventing your own method.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9662895
in the .profile, if you put

/path-to/you-little-script

it will not work, because exit only effect the shell of you-little-script

if you do
. /path-to/you-little-script

that's dot SPACE /path-to/you-little-script, will work for you.
0
 
LVL 3

Accepted Solution

by:
elfie earned 50 total points
ID: 9685568
The best way forwrda is that you replace the login shell by a script. So instead of starting up ksh, csh, bash, ... you start up a script.

in this script you do all your testing, and once access igranted you perfomr an
'exec your-shell'.

This way users can't sheat  and the admin has total control on which users can login.

This way you don't need an exit command, in case users may not logon, the initial script just stops.

If you put all the tests in the .profile, the users can modify these, because they -normally- have full control over the .profile
0
 
LVL 18

Expert Comment

by:liddler
ID: 10191622
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by elfie

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sameEnds challenge 3 187
JQuery serialize and unserialize 8 184
"Black Box" Testing of Control System Software 2 90
Increment column based of a FK 8 48
Here is how to use MFC's automatic Radio Button handling in your dialog boxes and forms.  Beginner programmers usually start with a OnClick handler for each radio button and that's just not the right way to go.  MFC has a very cool system for handli…
This is to be the first in a series of articles demonstrating the development of a complete windows based application using the MFC classes.  I’ll try to keep each article focused on one (or a couple) of the tasks that one may meet.   Introductio…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question