Solved

forced logout for a user based on certain condition

Posted on 2003-10-31
8
414 Views
Last Modified: 2013-12-26
I want through shell programing, when the user login, if certain conditions are not true, then the user is not allowed to login and automatically logout

In dotprofile (.profile) of the particular login, I execute a small file
which contains shell commands.  when the user login, the file from .profile is executed but when the conditions are false, still the system comes to dollor($) prompt of the login, thereby allowing the user to continue his work.  

I have used EXIT command to automatic logout in my shell programming file.  But the EXIT command only exit from that program but does not logout the user.

How to logout the user automatically when he login and certain login conditions are fail.



0
Comment
Question by:lingamgr
8 Comments
 
LVL 7

Expert Comment

by:glassd
ID: 9657253
You must do the tests in .profile. If you run the tests in a separate script, then return a value and get .profile to exit dependant on the return value.

If this still does not work, try putting the tests into /etc/profile (or similar, depends on OS version). This is read before the user's .profile. An exit command in here should log the user out again. I have used this method successfully on Irix.

0
 

Expert Comment

by:rishisk
ID: 9660432
Though I agree that glassd's solution is an elegant one, it is possible to logout using the kill command like follows

--------------
File .profile
-------------
#Invoke your script preferably at the last line of the .profile. Here $$ stands for the current process id, which will be passed as an argument to the validate.sh
validate.sh $$

--------------------
File validate.sh
--------------------
#Store the parent process id in a variable as the first line
parent_id=$1

#Validate your condition here at the end and call the kill command if the condition fails, in the following order to ensure the parent gets killed before the current process.
kill -9 $parent_id $$
0
 
LVL 7

Expert Comment

by:glassd
ID: 9661458
The method proposed by rishisk is, perhaps, quite a neat way of doing the same thing.

Yet another is to kill the login session itself. for example in Solaris:

   pkill dtsession

should kill the dtsession process, which is your current session, and put you back to the login screen.

Spoilt for choice.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 48

Expert Comment

by:Tintin
ID: 9661867
What Unix flavour are you using?

On Solaris, if the file /etc/nologin exists, only root can login.

On Redhat (and possibly other Linux distributions), you can use the file /etc/nologin.txt, which you can enter in some text to display before the user is logged off.

You'd be best to use a standard system way of implementing it, if available on your system, rather then inventing your own method.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9662895
in the .profile, if you put

/path-to/you-little-script

it will not work, because exit only effect the shell of you-little-script

if you do
. /path-to/you-little-script

that's dot SPACE /path-to/you-little-script, will work for you.
0
 
LVL 3

Accepted Solution

by:
elfie earned 50 total points
ID: 9685568
The best way forwrda is that you replace the login shell by a script. So instead of starting up ksh, csh, bash, ... you start up a script.

in this script you do all your testing, and once access igranted you perfomr an
'exec your-shell'.

This way users can't sheat  and the admin has total control on which users can login.

This way you don't need an exit command, in case users may not logon, the initial script just stops.

If you put all the tests in the .profile, the users can modify these, because they -normally- have full control over the .profile
0
 
LVL 18

Expert Comment

by:liddler
ID: 10191622
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by elfie

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
cat dog challenge 18 122
Process filename extension 3 156
no14 challenge 14 57
Path of Workbook 3 45
Here is how to use MFC's automatic Radio Button handling in your dialog boxes and forms.  Beginner programmers usually start with a OnClick handler for each radio button and that's just not the right way to go.  MFC has a very cool system for handli…
Introduction: Dialogs (1) modal - maintaining the database. Continuing from the ninth article about sudoku.   You might have heard of modal and modeless dialogs.  Here with this Sudoku application will we use one of each type: a modal dialog …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now