Nobody has mentioned it, but there's a real danger that you could wind
up unable to administer your system.  This is particularly true because
the original question referred to the root user.

Suppose something goes wrong with the one allowed root connection.  What
then?  You could even find yourself hitting RESET just to reclaim the
ability to administer the system.  Not the best result.

++ kevin



On Fri, Jan 04, 2002 at 11:18:34AM -0800, Net Llama wrote:
> A possibly far less complicated solution (although along the same lines)
> is to just have the shell in /etc/passwd changed to /bin/false (or
> something equally useless) each time a person logs in, and then changed
> back to /bin/bash when they log out.  The only problem with this is it
> could all go badly if/when a person doesn't logout properly (like the
> SSH connection is suddenly dropped etc).
> 
> --- John Hiemenz <[EMAIL PROTECTED]> wrote:
> > On Friday 04 January 2002 12:17 pm, Douglas J Hunley wrote :
> > > > anyone know of any hacks/methods/etc to limit a particular userid to only
> > > > one login at a time?
> > > >
> > > > i.e. admin #1 logs in as root to do something, meanwhile admin #2 sshes
> > > > into machine as root to do something, but is not allowed to log in.
> > > >
> > > > just trying to keep people from tripping over each other ;)
> > > >
> > > > and skip the 'give em separate accounts' and the 'use su' ..
> > > > I'm looking for other solutions thanks
> > 
> > I saw a kludge suggestion in the sco group regarding this.
> > 
> > > Involved adding some code to the login shell (.bashrc?) that tested
> > > if user was already logged in, and if so, would kick them with a message
> > > telling them root was already active on the system..this was written for
> > > SCO OpenServer, so not all may apply to linux, but anyway..
> > 
> > http://www.pcunix.com/SCOFAQ/scotec6.html#restrictlogin
> > 
> > Or here it is:
> > 
> > How do I restrict logins?
> > 
> > > For some reason, I often get requests to limit users to one login. I
> > > guess the people asking such questions have a reason for wanting to
> > > restrict logins this way. The only way to do it is to add a script to
> > > either /etc/profile or the particular user's .profile that tests to see
> > > if this user is logged in somewhere else. Something like this in
> > > /etc/profile will work:
> > 
> > IAM=`who am i | cut -d" " -f1`
> > COUNT=`w | cut -d" " -f1 | grep "^$IAM$" | wc -l`
> > [ $COUNT -gt 1 ] && exit 0
> > 
> > 
> > Similar tricks can restrict a user to a particular tty:
> > 
> > IAM=`who am i | cut -d" " -f1`
> > TTY=`tty`
> > [ $TTY != "/dev/tty07" ] && [ $IAM = "tony" ] && exit 0
> > 
> > > And then there's always restricting login to root: put this in
> > > /etc/profile
> > > 
> > > IAM=`who am i | cut -d" " -f1`
> > > [ -f /etc/nologin ] && [ $IAM != "root" ] && exit 0
> > 
> > > When you need to restrict logins, just "touch /etc/nologin"; remove it
> > > when the need is over.
> > > 
> > > You can restrict root to a particular device by adding a line like
> > > 
> > > CONSOLE=/dev/tty01
> > > 
> > > to /etc/default/login (see "man M login").
> 
> =====
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Lonni J. Friedman                          [EMAIL PROTECTED]
> 
> Linux Step-by-step help:           http://netllama.ipfox.com
> 
> _______________________________________________
> Linux-users mailing list
> Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users

-- 
Kevin O'Gorman  (805) 650-6274  mailto:[EMAIL PROTECTED]
Permanent e-mail forwarder:  mailto:Kevin.O'[EMAIL PROTECTED]
At school: mailto:[EMAIL PROTECTED]
Web: http://www.cs.ucsb.edu/~kogorman/index.html
Web: http://kosmanor.com/~kevin/index.html

"Life is short; eat dessert first!"
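
An added example, not part of the original thread or the quoted SCO FAQ: a POSIX sh version of the quoted one-login check that keeps a recovery path open, so a hung or stale root session cannot lock administration out of the box. The function names, the RECOVERY_TTYS variable and the sample `who` lines are assumptions made for illustration.

```shell
# Added illustration; all names below are hypothetical, not from the FAQ.

# Terminals that are never refused, so one wedged session cannot block
# every other way in. Assumption: the local console is trusted.
RECOVERY_TTYS=${RECOVERY_TTYS:-"console tty1"}

# count_other_sessions USER TTY   (reads `who`-format lines on stdin)
# Prints the number of sessions USER holds on terminals other than TTY.
count_other_sessions() {
    awk -v u="$1" -v t="${2#/dev/}" \
        '$1 == u && $2 != t { n++ } END { print n + 0 }'
}

# login_decision USER TTY   (reads `who`-format lines on stdin)
# Prints "allow" or "refuse" for a new session of USER on TTY.
login_decision() {
    user=$1
    tty=${2#/dev/}
    # A recovery terminal is always allowed, whatever else is logged in.
    case " $RECOVERY_TTYS " in
        *" $tty "*) echo allow; return 0 ;;
    esac
    others=$(count_other_sessions "$user" "$tty")
    if [ "$others" -ge 1 ]; then
        echo refuse
    else
        echo allow
    fi
}

# Constructed sample of `who` output (not from a real system).
SAMPLE_WHO='root     pts/0        2002-01-04 11:02 (admin1.example)
root     pts/1        2002-01-04 11:18 (admin2.example)
kevin    pts/2        2002-01-04 11:20 (host.example)'

# Possible wiring in /etc/profile (shown as a comment, not executed here):
#   if [ "$(who | login_decision "$(id -un)" "$(tty)")" = refuse ]; then
#       echo "Account already logged in elsewhere." >&2
#       exit 0
#   fi
```

A check in /etc/profile only runs for login shells, so it is a courtesy lock between cooperating admins rather than an access control.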