Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

forced logout for a user based on certain condition

Posted on 2003-10-31
8
417 Views
Last Modified: 2013-12-26
I want through shell programing, when the user login, if certain conditions are not true, then the user is not allowed to login and automatically logout

In dotprofile (.profile) of the particular login, I execute a small file
which contains shell commands.  when the user login, the file from .profile is executed but when the conditions are false, still the system comes to dollor($) prompt of the login, thereby allowing the user to continue his work.  

I have used EXIT command to automatic logout in my shell programming file.  But the EXIT command only exit from that program but does not logout the user.

How to logout the user automatically when he login and certain login conditions are fail.



0
Comment
Question by:lingamgr
8 Comments
 
LVL 7

Expert Comment

by:glassd
ID: 9657253
You must do the tests in .profile. If you run the tests in a separate script, then return a value and get .profile to exit dependant on the return value.

If this still does not work, try putting the tests into /etc/profile (or similar, depends on OS version). This is read before the user's .profile. An exit command in here should log the user out again. I have used this method successfully on Irix.

0
 

Expert Comment

by:rishisk
ID: 9660432
Though I agree that glassd's solution is an elegant one, it is possible to logout using the kill command like follows

--------------
File .profile
-------------
#Invoke your script preferably at the last line of the .profile. Here $$ stands for the current process id, which will be passed as an argument to the validate.sh
validate.sh $$

--------------------
File validate.sh
--------------------
#Store the parent process id in a variable as the first line
parent_id=$1

#Validate your condition here at the end and call the kill command if the condition fails, in the following order to ensure the parent gets killed before the current process.
kill -9 $parent_id $$
0
 
LVL 7

Expert Comment

by:glassd
ID: 9661458
The method proposed by rishisk is, perhaps, quite a neat way of doing the same thing.

Yet another is to kill the login session itself. for example in Solaris:

   pkill dtsession

should kill the dtsession process, which is your current session, and put you back to the login screen.

Spoilt for choice.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 48

Expert Comment

by:Tintin
ID: 9661867
What Unix flavour are you using?

On Solaris, if the file /etc/nologin exists, only root can login.

On Redhat (and possibly other Linux distributions), you can use the file /etc/nologin.txt, which you can enter in some text to display before the user is logged off.

You'd be best to use a standard system way of implementing it, if available on your system, rather then inventing your own method.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9662895
in the .profile, if you put

/path-to/you-little-script

it will not work, because exit only effect the shell of you-little-script

if you do
. /path-to/you-little-script

that's dot SPACE /path-to/you-little-script, will work for you.
0
 
LVL 3

Accepted Solution

by:
elfie earned 50 total points
ID: 9685568
The best way forwrda is that you replace the login shell by a script. So instead of starting up ksh, csh, bash, ... you start up a script.

in this script you do all your testing, and once access igranted you perfomr an
'exec your-shell'.

This way users can't sheat  and the admin has total control on which users can login.

This way you don't need an exit command, in case users may not logon, the initial script just stops.

If you put all the tests in the .profile, the users can modify these, because they -normally- have full control over the .profile
0
 
LVL 18

Expert Comment

by:liddler
ID: 10191622
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Answered by elfie

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is to be the first in a series of articles demonstrating the development of a complete windows based application using the MFC classes.  I’ll try to keep each article focused on one (or a couple) of the tasks that one may meet.   Introductio…
Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question