How to prevent a user from logging in multiple times

atorex
I have a SLES 9 system deployed on over 700 machines with a default user account that auto-starts an application. The issue we are having is that this application locks some files, and we have found that users are starting a new session with the default user account and causing issues with the application as it auto-starts.
I need to disable the default user from starting multiple sessions. How can I do this, and what file holds this configuration?
I need to be able to change this file and deploy it to all 700 or so machines.

Thanks for any help provided.

This sounds like something that needs to be fixed inside the application, itself.
There should be something in the session management that checks if it is being started by the default user and is not the startup script of the application. If the session management is a different process from the start-up, it should just fail to start a session if the user is the default user.

Commented:
If you have no control on fixing the application, perhaps the script that starts this application automatically (presumably in the .login or .bashrc or somewhere there) can be modified to check whether the application was started already by that user, and if so, send a warning message and then log out.

To give more detail, we'd need to know more about your setup.
Hugh Fraser, Consultant

Commented:
You can limit the number of concurrent logins for the particular user if that's what you're asking. The file is /etc/security/limits.conf, and it can be used to limit several things. This file is used by the pam_limits.so module when the user logs in.

Author

Commented:
I have made such a change to the application; however, the users don't understand what is going on and assume it's the default session, causing dozens of support desk calls when the app doesn't start.

hfraser- you are correct this is what I'm looking for, I will get this tested in the morning, thanks.

Author

Commented:
Below is the line I have added to the file; however, I can still log in twice simultaneously. What am I missing?

postal              hard    maxlogins       1

Is the application using PAM to log in?

Author

Commented:
I don't really know. Is there a way to validate if it is or not?
Hugh Fraser, Consultant

Commented:
Is the application automatically launched when the user logs in using the default account (that's the way I read your question)? If so, we're heading down the correct path, since PAM is used for most forms of system authentication. If, on the other hand, users log in and then launch the application manually, the PAM step has already happened.

If PAM is a workable solution, you might also need to include the pam_limits.so module in the pam configuration, or it won't have any effect. In the /etc/pam.d/system-auth file, you should see a line like:

session     required      pam_limits.so

The limit is enforced in the creation of the session.

Author

Commented:
OK, you are correct: the system auto-logs in the default user and auto-starts the application. I do think your suggestion is the correct course of action; however, I'm not familiar with such configuration. Now, in the /etc/pam.d/ directory I don't have a system-auth file. I do have a login file that contains the below.
The line exists in this file. Do I need to create a system-auth file?


#%PAM-1.0
auth requisite  pam_unix2.so    nullok         #set_secrpc
auth required   pam_securetty.so
auth required   pam_nologin.so
#auth    required       pam_homecheck.so
auth required   pam_env.so
auth required   pam_mail.so
account required        pam_unix2.so
password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
session required        pam_unix2.so    none         # debug or trace
session required        pam_limits.so
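
An added example (not from any poster in this thread): a limits.conf entry only takes effect for PAM services whose session stack loads pam_limits.so, so a login that goes through a different service file than /etc/pam.d/login is not covered by the line above. This script lists the service files that do not load the module and reads back the maxlogins value set for a user. The function names and the sample files it builds (including the xdm service file) are constructed for illustration, and include directives are not followed.

```shell
#!/bin/sh
# Added example: audit PAM service files for pam_limits.so (helper names are constructed).

# Print each service file in directory $1 whose session stack does NOT load pam_limits.so.
services_without_limits() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Drop comments first so a commented-out line does not count as enabled.
        if ! sed 's/#.*//' "$f" |
             grep -Eq '^[[:space:]]*session[[:space:]].*pam_limits\.so'; then
            basename "$f"
        fi
    done
}

# Print the maxlogins value for user $2 in limits file $1 (last entry wins; empty if unset).
maxlogins_for() {
    sed 's/#.*//' "$1" |
        awk -v u="$2" '$1 == u && $3 == "maxlogins" { v = $4 } END { if (v != "") print v }'
}

# Build constructed sample files in a temp dir and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/pam.d" || return 1
    printf '%s\n' 'auth required pam_unix2.so' 'session required pam_unix2.so' \
        'session required pam_limits.so' > "$d/pam.d/login"
    printf '%s\n' 'auth required pam_unix2.so' 'session required pam_unix2.so' \
        '#session required pam_limits.so' > "$d/pam.d/xdm"
    printf '%s\n' '# <domain> <type> <item> <value>' \
        'postal hard maxlogins 1' > "$d/limits.conf"
    echo "$d"
}

# Demo on the constructed files; on a real host pass /etc/pam.d and
# /etc/security/limits.conf instead.
d=$(make_sample)
echo "services not loading pam_limits.so: $(services_without_limits "$d/pam.d")"
echo "maxlogins for postal: $(maxlogins_for "$d/limits.conf" postal)"
rm -rf "$d"
```
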

Commented:
Why log in the default user at all?
Wouldn't it be better to create a startup script in /etc/init.d (or whatever place/method your system uses) containing something like
su - defaultuser -c "/path/to/application/startup/script"
This way the application will be started under the credentials of defaultuser without the need for a login, thus you can now either disable login for that user at all, or take the startup code out of the user's initialization profile (.profile, .cshrc or whatever).
wmp

Author

Commented:
Clarification: the user is a user created for the auto-login. This system is a register system (POS), where the application that loads is a POS (cash register) application. The system is set up this way so it logs in and loads the register application, and all that is used is this application and a web browser, which is launched by the register application. So I can't change this process; all I need to do is stop the POS user from logging in multiple times simultaneously. I need it to be limited to one login on that system at one time. What hfraser presented is exactly the concept I need, but I have not been able to have it work as indicated.
Hugh Fraser, Consultant

Commented:
Different versions of Linux group the pam config files differently. Yours should be OK. But realize that it's not going to return a "Too many logins" or some similar message to the users. It will simply fail to start.

If you want something a bit more user-friendly, you could include in the login script a simple script like the following:

if [ `who | grep default | wc -l` -gt 3 ]; then
   dialog --textbox too_many_users.txt 5 30
   logout
fi

The file too_many_users.txt contains the text you want to display to the user, such as:

   Sorry. There are too many users logged on now

Change the argument passed to "wc" to the number of concurrent users the app can support. As it stands, this will allow 3 "default" users at the same time.
Commented:
OK, I have the solution using DCOPserver. What I need is help creating a script that will execute each time the user tries to log in to a session. This is what I have.

From a KDE standpoint, you can look at a few things with dcop.
If more than one user is logged into KDE, you could see it via the

dcop --list-sessions --user user
  Active sessions for user /home/user :
    .DCOPserver_x345-2__1
    .DCOPserver_x345-2__2

In the above case, you can see that I have 2 users logged into KDE.
If I want the first session for the user logged out, I can run

dcop --user user --session .DCOPserver_x345-2__1 ksmserver default logout 0 0 -1

Now, if I put this in a script inside /home/user/.kde/Autostart/ and make it executable, and if there is more than one session for the user, I call the above command to force the logout of the __2 session.
This check is performed at every login of the user, and when a second login is performed, the user is prevented from doing so. What I need is help with a basic script that could run dcop --list-sessions --user user; then, if more than one exists, I actually would rather echo a message to the user like "User is already logged in". Is this something I can get help with here, or do I need a new post?
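
One way to write the script asked for above, as an added example that is not part of the original thread: it counts the session entries in the `dcop --list-sessions` output shown in the post and, when there is more than one, shows the message and ends the session the script is running in. The function names are constructed; using `kdialog --sorry` for the message and calling `dcop ksmserver default logout 0 0 -1` without `--user`/`--session` to address the current session are assumptions to verify on the target KDE version.

```shell
#!/bin/sh
# Added example for ~/.kde/Autostart/ (function names are constructed).

# Count the .DCOPserver_* entries in `dcop --list-sessions` output read from stdin.
count_dcop_sessions() {
    # grep -c prints 0 but exits non-zero when nothing matches; keep the exit status clean.
    grep -c '^[[:space:]]*\.DCOPserver_' || true
}

# Print "deny" when the session count in $1 exceeds one, otherwise "allow".
login_decision() {
    if [ "$1" -gt 1 ]; then echo deny; else echo allow; fi
}

# Check user $1 and end the current (newest) session if another one already exists.
enforce_single_session() {
    n=$(dcop --list-sessions --user "$1" | count_dcop_sessions)
    if [ "$(login_decision "$n")" = deny ]; then
        # Assumption: kdialog is installed alongside KDE on the registers.
        kdialog --sorry "User is already logged in"
        # Assumption: without --user/--session, dcop talks to this session's ksmserver.
        dcop ksmserver default logout 0 0 -1
    fi
}

# Sample output copied from the post above, for trying the parser without KDE.
sample_output='  Active sessions for user /home/user :
    .DCOPserver_x345-2__1
    .DCOPserver_x345-2__2'
echo "sample sessions: $(printf '%s\n' "$sample_output" | count_dcop_sessions)"

# Enforce only where dcop exists, i.e. inside a KDE session.
if command -v dcop >/dev/null 2>&1; then
    enforce_single_session "$(id -un)"
fi
```
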

Author

Commented:
closing

Author

Commented:
No other input has been provided
